[00:01.430 --> 00:08.570]  All right. Thank you, Diego, for that introduction and to the whole team at Monero for putting on
[00:08.570 --> 00:16.230]  another Monero Village at Devon. Just before I go on too long here, can people hear me?
[00:16.230 --> 00:32.670]  Can I get a from chat or otherwise? Okay, great. Thanks for the feedback. All right.
[00:32.950 --> 00:38.730]  So, I'm here to give the keynote at Monero Village again. It's a privilege and honor
[00:38.730 --> 00:45.410]  to do that. I'm Dr. Daniel Kim, Founder and CEO of Sweetwater Digital Asset Consulting.
[00:45.450 --> 00:50.530]  A little bit about myself. So, academically, I'm trained as a particle physicist. I did
[00:50.530 --> 00:55.370]  my undergraduate and graduate work in experimental particle physics at Harvard.
[00:55.470 --> 01:03.070]  Later, I wanted to show an interest in the way the real world worked. Because a PhD shows you
[01:03.070 --> 01:08.710]  can go deep, I wanted to also go wide and learn about different things and how the world works.
[01:08.730 --> 01:15.490]  Picked up an MBA later. Most of my career was spent in the non-profit sector. I spent 10 years
[01:15.490 --> 01:21.290]  as a symphony orchestra musician. Ended up doing about 700 concerts professionally. And concurrently
[01:21.290 --> 01:27.290]  with that, I was a medical school professor as well. It was as a medical professor that I did my
[01:27.290 --> 01:34.090]  perhaps most DEF CON thing, which was to invent a device that did packet sniffing on a medical
[01:34.090 --> 01:39.750]  network to reconstruct treatment data being delivered to cancer patients just before the
[01:39.750 --> 01:46.790]  time of treatment. So, I got that patented and kind of learned about how the intellectual property
[01:46.790 --> 01:55.990]  system works. After that, I decided that I wanted to try something new. So, I went into the
[01:55.990 --> 02:02.910]  for-profit world. I ended up becoming Director of Research at an equity hedge fund. And it was
[02:02.910 --> 02:08.910]  there that I started to look into cryptocurrency kind of as a hobby, just as this interesting thing.
[02:09.450 --> 02:15.270]  And it was there that I decided that there are only a few times in one's life that a truly
[02:15.270 --> 02:21.330]  fundamental discovery is going to happen. And I came to the conclusion that Nakamoto Consensus
[02:21.330 --> 02:27.330]  was one of those. And so, I decided to go off on my own. And so, I'm an independent consultant now.
[02:27.330 --> 02:33.910]  Sweetwater Digital Asset Consulting is my firm. And I seek to connect two very separate worlds
[02:33.910 --> 02:41.310]  that often see each other with a rather distorted lens. So, on one side is the non-commercial,
[02:41.310 --> 02:48.130]  open source, cypher, grassroots, cryptocurrency side, which is well represented at DEF CON.
[02:48.310 --> 02:54.270]  But then there's a parallel world that happens. And it really is a world like it goes on
[02:54.270 --> 03:00.790]  independently. And there's very little kind of real dialogue between these two groups.
[03:00.790 --> 03:07.150]  And so, that would be the traditional investment and estate planning, trust, family offices,
[03:07.150 --> 03:16.670]  asset protection. These are using, taking full use of the legal system to protect wealth and
[03:17.430 --> 03:23.450]  create value for clients. And so, I help people on both sides of this divide. So, I talk with
[03:23.450 --> 03:30.950]  crypto guys who want some guidance in putting together a plan to shield their crypto from
[03:30.950 --> 03:37.030]  future creditors, whether they be random people who might sue them or a potentially vindictive
[03:37.030 --> 03:42.870]  future ex-spouse. And then from the other direction, I talk with traditional portfolio
[03:42.870 --> 03:50.210]  managers in the trust and estate world who are well acquainted with traditional assets, but
[03:50.210 --> 03:53.510]  have heard about this cryptocurrency stuff, want to know if it's for real,
[03:53.510 --> 03:58.950]  and want to get in touch with a Sherpa who can help them sort through all the noise.
[04:00.350 --> 04:06.570]  So, that's my for-profit work right now. But for my non-profit work, I'm also a community
[04:06.570 --> 04:14.230]  volunteer for the Monero project. And so, for example, my doing this talk is without any
[04:14.230 --> 04:19.670]  compensation from Monero. I'm doing this because I personally feel that this is an important project
[04:19.670 --> 04:29.070]  for humanity. And I think it's important for people to speak out and make their voices heard
[04:29.070 --> 04:37.110]  on matters like this. So, yeah. So, I'm not a dev. I'm not related to a dev. Let's see,
[04:37.110 --> 04:45.290]  what else? I really am independent from the Monero project. My duty is to my clients of
[04:45.290 --> 04:54.250]  my consulting firm to whom I offer my best advice on what I think is legitimate in terms
[04:54.250 --> 05:03.630]  of cryptocurrency. And specifically in that, I specialize in the non-security store of value
[05:03.630 --> 05:14.450]  type tokens like Bitcoin and Monero. Okay, so this talk, I'm calling sound money safe mode.
[05:14.450 --> 05:20.990]  And there are four sections to it. There's the pandemic economy to set the framework of
[05:20.990 --> 05:28.230]  everything. Second part is independent scarcity, that is sources of scarcity that run independently
[05:28.230 --> 05:35.650]  of governmental control. Third is fungibility versus mass surveillance. And so, this is
[05:36.350 --> 05:44.070]  in the crypto world, this is, I think, insufficiently discussed because the current
[05:44.070 --> 05:50.650]  market leader cryptocurrency does not have fungibility as a defining feature. So, I'll talk
[05:50.650 --> 05:58.410]  about the consequences of a fungible versus a non-fungible value token in the third part.
[05:58.450 --> 06:02.130]  And then the fourth part is about getting involved. So, there are kind of, there's a
[06:02.130 --> 06:05.410]  shallow way to get involved and there's a deeper way to get involved. The shallow way would be
[06:05.650 --> 06:10.750]  because it's a cryptocurrency, it is like, it behaves like an asset. And so, I put on my hedge
[06:10.750 --> 06:18.970]  fund hat and I kind of look at Monero and Bitcoin and also gold as parts of one's portfolio. That's
[06:18.970 --> 06:24.730]  one way to get involved with this project is to, you know, purchase. But the deeper, more
[06:24.730 --> 06:30.930]  significant way is getting involved personally, like with your time and energy and expertise.
[06:30.930 --> 06:40.530]  So, I talked about that at the end. So, before I start, thanks to Howard H.Y.C. Chiu, Dr. Serang
[06:40.530 --> 06:46.990]  Noether of the Monero Research Lab, and Dr. Francisco Articman Cabanas, who is on the
[06:46.990 --> 06:52.590]  Monero core team for helpful discussions and technical assistance in preparation for this
[06:52.590 --> 07:03.120]  presentation. All right. So, everyone's seen a ton of stuff about the pandemic. I won't rehash
[07:03.120 --> 07:10.500]  anything that I think that you've already seen before. But, oh, gee, this...
[07:14.560 --> 07:30.370]  I'm just realizing that this display is not showing the slide completely. Let me close some
[07:30.370 --> 07:39.780]  stuff. Yeah, there's a weird thing where, like, what I see here on my local screen is not what is
[07:39.780 --> 07:47.620]  getting sent by Jitsi. So, I apologize. This is the problem being the first speaker of the day.
[07:48.540 --> 07:55.880]  Okay. It's not super pretty, but at least I can see that the whole slide is showing.
[07:56.940 --> 08:06.020]  There's a couple other work things. Okay. So, yeah, apologies for all the clutter on the
[08:06.020 --> 08:10.260]  display here. But I think it's probably more important that you see the entire slide than to
[08:10.260 --> 08:18.440]  see it framed in a pretty way. Okay. So, back to the pandemic. Oh, yeah. So,
[08:19.280 --> 08:24.940]  one way to see the pandemic is that there's a microbe that succeeded in social engineering
[08:24.940 --> 08:33.480]  all of us. So, the left here shows basically a flowchart of our social protocol pre-pandemic.
[08:33.480 --> 08:40.720]  Going to this is going to seem like a quaint exercise in a long ago era. So, you're sitting
[08:40.720 --> 08:46.560]  at home. Do you feel like going out? No, you don't feel like going out? Well, you stay home.
[08:46.560 --> 08:51.400]  But if you feel like going out, well, then you must be healthy because the fact that you feel
[08:51.400 --> 08:57.140]  like going out means that you must be healthy. So, based on that self-diagnosis, you go out.
[08:57.140 --> 09:02.120]  Now you're in public. Okay. So, while you're out and about in public, do you see anyone coughing,
[09:02.120 --> 09:08.200]  looking like they're sick? Well, if the answer is yes, then you diagnose that there's a sick
[09:08.200 --> 09:13.700]  person over there and maybe you should avoid them. But then you carry on doing what you were doing.
[09:14.260 --> 09:18.800]  You feel like going home? Yes or no. And then you kind of repeat this out in public where you just
[09:19.320 --> 09:25.640]  generally avoid people who are visibly obviously looking sick and don't worry about things
[09:25.640 --> 09:33.180]  otherwise. And the thing is that this worked. This switch has been kind of arguably evolved
[09:33.180 --> 09:39.760]  into us. It's led to the survival of a lot of people basically going by this simple heuristic.
[09:40.100 --> 09:45.080]  And of course, one thing about the pandemic is that we're told that this heuristic is ineffective
[09:45.080 --> 09:50.660]  now, right? Because we're told that the self-diagnosis of being healthy if you just feel
[09:50.660 --> 09:58.760]  like it is no longer true. The diagnosis that you are able to diagnose other people by seeing
[09:58.760 --> 10:05.700]  if they're coughing or not. And it turns out that that now is insufficiently accurate diagnosis.
[10:06.020 --> 10:11.900]  So of course, nobody likes being told that their instincts are off. And so that's been
[10:11.900 --> 10:17.560]  one of the social difficulties in getting like a public health message out.
[10:18.760 --> 10:25.100]  But that's one way of looking at this, is that the pandemic has taken advantage of a social
[10:25.100 --> 10:32.120]  engineering weakness in humans that has to do with self-diagnosis and spot-checking others'
[10:32.120 --> 10:39.800]  diagnosis of disease. All right, on the right side of the slide, I'm showing what I'm calling
[10:39.800 --> 10:44.940]  dirty money. And so this is a research paper that was published in Lancet, which is the UK's
[10:44.940 --> 10:51.020]  premier medical journal. And what they did was they took samples of COVID, I mean, I'm sorry,
[10:51.020 --> 10:57.720]  SARS-CoV-2, and deliberately put it on various surfaces to test how long the virus would live
[10:57.720 --> 11:04.280]  on various surfaces. And kind of interestingly, one of the surfaces that they tested was money.
[11:04.280 --> 11:09.720]  So they took money, they put a virus on it, and then they measured that money to see how much
[11:09.720 --> 11:16.920]  virus was remaining on the money as time went on. And as you can see, there's basically a dual regime
[11:17.520 --> 11:24.660]  half-life here. So initially, the half-life is rather quick, with a half-life about one hour.
[11:24.760 --> 11:33.100]  But yet, that's not so fast that the virus is not measurable. So basically, the amount of virus
[11:33.100 --> 11:41.700]  remaining on money remains highly measurable, even after 24 hours here, 48 hours here.
[11:42.100 --> 11:47.180]  And so I think at the third day, they came up with a no measurement for that.
[11:55.120 --> 12:00.860]  All right, so what did this trigger in an economic sense? So there's a lot going on in this chart,
[12:00.860 --> 12:06.720]  which is all US data from the Federal Reserve. So I'll go through it step by step. So first,
[12:06.720 --> 12:12.560]  you look at this blue line here, that is the U6 unemployment rate. Now, U6 is the more broad
[12:12.560 --> 12:18.540]  measure of unemployment. It counts not only those people who are attempting to find work, but also
[12:18.540 --> 12:24.240]  those people who are underemployed, and also those people who are so discouraged about their prospects
[12:24.240 --> 12:29.080]  of finding work that they give up, and they stop even looking for work. So those people who are not
[12:29.080 --> 12:35.380]  counted in the usual measure of unemployment, which is U3, do get counted in U6. And the blue
[12:35.380 --> 12:40.140]  line here is showing on the left scale. The other thing to note on this plot is that this is a very
[12:40.140 --> 12:47.440]  long timescale. So we're going back to 1980 here. And you can see that the unemployment rate, which
[12:47.440 --> 12:56.200]  kind of peaked at about 18% in the last financial crisis in 2009. If you look at that for 2020,
[12:56.640 --> 13:04.560]  you can see that it peaked at about 23% unemployment. So what was the response to
[13:04.560 --> 13:12.540]  this? The response was to, for the current response by the Federal Reserve, is to be
[13:12.540 --> 13:16.780]  primarily concerned that this is going to cause deflation. That is, that people are going to just
[13:16.780 --> 13:22.940]  stop spending money, and that the economy is going to grind to a halt because of that. So the remedy
[13:22.940 --> 13:28.580]  to that particular short-term problem is to print money. Because by printing money, that reduces
[13:28.580 --> 13:33.960]  interest rates. And when interest rates go down, it becomes less attractive to save your money, and
[13:33.960 --> 13:40.300]  more attractive to just spend your money. So it's part of the stimulus. And so you can see that the
[13:40.300 --> 13:47.080]  MZM money supply here, which is shown in green, MZM money supply is the broadest measure of liquid
[13:47.080 --> 13:54.340]  money in the US. It includes cash, currencies, checking accounts, savings accounts, and also
[13:54.340 --> 14:00.020]  money market accounts, which many people nowadays use as a kind of form of a checking account.
[14:01.540 --> 14:06.780]  So the green line shows the total of the MZM money supply, and I divide that, because it's an
[14:06.780 --> 14:10.000]  enormous number. It's in the trillions of dollars, which is hard to get your head around what that
[14:10.000 --> 14:15.460]  means. So I normalize that number by the gross domestic product. And you can see that that is
[14:15.460 --> 14:23.700]  the green line. And you can see that in 2020, the money supply took this very steep upward jump
[14:23.700 --> 14:27.080]  as a result of the pandemic.
[14:29.180 --> 14:34.680]  Now on the bottom here, you see this very wiggly line. So what this is showing is how much money
[14:34.680 --> 14:40.700]  the US government takes in on a monthly basis, minus how much the US government spends on a
[14:40.700 --> 14:46.880]  monthly basis. And you can see this half century history is shown here. And there's never been
[14:46.880 --> 14:55.380]  this occurrence ever in which the government is taking in much, much less than it's spending.
[14:55.560 --> 15:00.560]  Now, part of this might be temporary, because at least in the US, there was a tax moratorium.
[15:00.560 --> 15:07.640]  The usual tax due date of April 15 was moved back to July 15. So in those intervening months
[15:07.640 --> 15:12.900]  between April and July, there was basically likely to be no money into the Treasury.
[15:12.900 --> 15:20.140]  So it could be that this line will spike back up because taxes were due July 15 this year.
[15:20.720 --> 15:29.520]  But it remains to be seen. You know, how much will receive taxes go up back up? It's hard to know.
[15:29.860 --> 15:36.160]  The time integrated result of this gray line here gives you the black line on top, which is
[15:36.160 --> 15:41.420]  the overall federal debt, which I'm normalizing to, again, to the GDP on the right scale.
[15:41.420 --> 15:48.480]  So you can see that during the 2009 financial crisis, our federal debt to GDP went from about
[15:48.480 --> 15:54.460]  60% to about 100%. Now, at the beginning of the year, we were looking at about 110%.
[15:55.500 --> 16:01.740]  And this federal debt to GDP number is lagging now by four months. So what you're seeing here
[16:01.740 --> 16:07.360]  is actually only going up till March of this year. It's not showing the worst
[16:08.480 --> 16:19.200]  so far, the worst so far time of the crisis. So yeah, it's to say that this pandemic on an
[16:19.200 --> 16:26.440]  economic basis is unprecedented, at least within the lifetime of all the people who are likely to
[16:26.440 --> 16:35.200]  be looking at this stream. It's not an understatement. Nor is this limited to the US.
[16:38.030 --> 16:46.370]  So if we look at the G20 fiat currencies that have reported data to the OECD, it turns out that
[16:46.370 --> 16:54.750]  there's eight countries who have been reporting data consistently through the this time. And here
[16:54.750 --> 16:59.950]  I'm plotting the money supplies of each of these eight countries. And I'm looking at a more limited
[16:59.950 --> 17:06.070]  timescale. Now I'm looking at 2018 to the present. And I'm normalizing each of these money supplies
[17:06.070 --> 17:14.330]  to the money supply as it was on January of this year. So all of these different monies
[17:14.770 --> 17:21.590]  are normalized to 1.0 at the beginning of this year. You can basically see that there's like a
[17:21.590 --> 17:28.070]  hockey stick shape to this curve, right? So up until January 1st, the money supplies of these
[17:28.070 --> 17:37.290]  was growing at a concerning rate. But now in retrospect, now that we can see how the rate
[17:37.290 --> 17:44.910]  of money printing has been going post pandemic, the 2019 and 2018 periods look like rather
[17:44.910 --> 17:52.730]  restrained periods in retrospect. The size of the USD money printing is really, it's hard to get
[17:52.730 --> 18:01.630]  one's head around this. The size of this gap here amounts to $1.3 trillion, which means that
[18:01.630 --> 18:06.250]  in that time period, in the first six months of this year, the rate of money creation has been
[18:06.250 --> 18:15.010]  $300 million per hour. Now, given that the market cap of Monero is about four or five times that,
[18:15.010 --> 18:22.370]  so we're talking about the money supply growing by the market cap of Monero about six to seven
[18:22.370 --> 18:36.210]  times a day for six months. All right, if we look now at a larger set of countries, so now all of
[18:36.210 --> 18:41.070]  the G20 fiat currencies, including those that stopped reporting data for whatever reason to
[18:41.070 --> 18:48.370]  the OECD in late 2018. So now you're seeing 17 different countries' fiat currencies here.
[18:48.370 --> 18:57.230]  It's 17 and not 20 because France, Germany, and let's see, I'm blanking out on one other.
[18:57.390 --> 19:04.110]  There are three countries that don't have their own money yet sit on the G20, and the euro, like
[19:04.110 --> 19:09.390]  all of the euro zone, has a seat on the G20. So that's why the number of currencies is not exactly
[19:09.390 --> 19:16.550]  20 for the G20. But nevertheless, you can see that this is all of them. And since 2009,
[19:16.550 --> 19:21.910]  which is the date of the Nakamoto white paper, the world's fiat currencies have
[19:22.550 --> 19:27.490]  basically doubled or tripled in the about 11 years since.
[19:28.370 --> 19:35.530]  So as a former med school professor who worked in oncology, I was a physicist helping with the,
[19:35.530 --> 19:40.270]  you know, technical details of delivering high-dose radiation to cancer patients.
[19:40.350 --> 19:45.970]  This whole concept of exponential growth is pretty familiar. Like this exponential growth
[19:45.970 --> 19:52.590]  curve, it's basically like a tumor growth curve. You have basically a doubling time for this
[19:53.430 --> 19:59.970]  malignancy that's growing. And so here in, you know, if you apply that math to this,
[19:59.970 --> 20:09.490]  we're looking at a doubling time of about eight years. So if you apply a doubling time of eight
[20:09.490 --> 20:17.150]  years through your lifetime, so if you imagine an average lifetime is 80 years, let's just say,
[20:17.150 --> 20:22.210]  which would amount to 10 doubling times. So you're looking at an expected growth of two
[20:22.210 --> 20:27.730]  to the 10th power for the money supply in your lifetime if you extrapolate the results in this.
[20:27.730 --> 20:36.210]  So that's a 1000x growth given the compounding rates that we're seeing in this chart.
[20:37.470 --> 20:43.050]  There's an interesting book called Monetary Regimes and Inflation. It's in its second edition,
[20:43.050 --> 20:50.690]  and it's written by an academic in Switzerland who studied 25, or I'm sorry, 29 different historical
[20:50.690 --> 20:57.150]  cases of hyperinflation and found that in 25 of them, the root cause of this was that governments
[20:57.150 --> 21:05.390]  were funding their deficits with money creation. So this chart is showing that the money creation
[21:06.150 --> 21:10.690]  is happening, and especially now in 2020, it's happening even more than ever.
[21:11.330 --> 21:17.610]  The other, what this chart is not showing is the government deficit part, but well,
[21:17.610 --> 21:26.930]  it's hard to be too optimistic about that, frankly. So what does all this mean? It means that
[21:27.770 --> 21:36.950]  it's probably a good idea to entertain the possibility that the probability of increased
[21:36.950 --> 21:47.220]  inflation in the future has gone up as a result of the pandemic. So in a time of high inflation
[21:47.220 --> 21:54.080]  in fiat currency, what does it make sense to consider looking at for those who have assets?
[21:54.640 --> 21:59.120]  Independent sources of scarcity are what traditionally get looked at. So we're talking
[21:59.120 --> 22:05.560]  about physical commodities like gold and silver. And since 2009, now there's been a digital option
[22:05.560 --> 22:12.500]  in terms of digital commodities. Bitcoin was the first, and in my opinion, Monero is probably the
[22:12.500 --> 22:20.620]  only other one that checks the necessary boxes to be taken seriously as a second digital commodity
[22:20.620 --> 22:30.780]  in the space of store of value cryptocurrencies. Now, physical commodities are interesting. So
[22:30.780 --> 22:37.920]  gold and silver, if you follow the gold prices, you've probably seen that the gold prices have
[22:37.920 --> 22:45.460]  also spiked recently. There's a generational divide here as far as how people react to this
[22:45.460 --> 22:51.260]  divide between physical commodities and digital commodities. And as a Gen X-er,
[22:51.260 --> 22:57.960]  for whom the kind of one way you can define Gen X is that these are people who had a considerable
[22:57.960 --> 23:02.880]  chunk of their childhood spent in a time that didn't have the internet. So as a result, I can
[23:02.880 --> 23:07.780]  kind of see things from both perspectives. I can see, I can remember a time when there was no
[23:07.780 --> 23:14.260]  internet. And so I can, I can see how people would kind of gravitate towards gold and silver in a
[23:14.260 --> 23:20.620]  time like this. But also having seen the transformative effect of the internet, I can
[23:20.620 --> 23:27.500]  also see things from like a, you know, like a Gen Z or millennial type view, in which one can sort
[23:27.500 --> 23:31.640]  of assume that the internet's always going to be there, just like running water is always going to
[23:31.640 --> 23:43.700]  be there. It's funny though, because for gold and silver, there are lots of ways to buy gold and
[23:43.700 --> 23:49.560]  silver. And not all of them involve actually getting your hands on metal. So some of them
[23:49.560 --> 23:55.720]  involve hiring somebody to buy your metal and store it for you. And then you think you have
[23:55.720 --> 24:00.360]  your metal because you have a piece of paper or you have an email saying you own this much gold
[24:00.360 --> 24:08.420]  in this vault that's somewhere. And it's probably true. I mean, or it's going to be true until it
[24:08.420 --> 24:16.780]  ceases to be true. And there have been like a lot of scams, basically in the precious metals market
[24:17.300 --> 24:24.660]  of people being taken advantage of in ways like this. And it's funny because it's like history
[24:24.660 --> 24:30.220]  repeats itself, but rhymes. So they're like now in the crypto space, there's like the analog of
[24:30.220 --> 24:36.620]  all these things. Basically people offering to, you know, to take your crypto as you know,
[24:36.620 --> 24:41.640]  they offer to store your crypto for you. So you don't have to worry about all that trouble of
[24:41.640 --> 24:46.140]  learning, you know, what's going on behind the crypto. We'll take care of all those details.
[24:46.140 --> 24:52.000]  You pay us just a little bit and we promise crypto is all going to be there. That's happened in the
[24:52.000 --> 25:00.440]  precious metals market. It happens now and people get in both cases. Trading on margin with leverage
[25:00.440 --> 25:08.400]  is another way for kind of the less sophisticated investors who want to try and make a quick buck
[25:08.400 --> 25:15.660]  get taken advantage of. It turns out that the mathematics of margin borrowing, which is
[25:15.660 --> 25:21.380]  necessary to take on highly leveraged positions in any asset, including precious metals or in
[25:21.380 --> 25:30.100]  cryptocurrency, highly disfavor the person placing the bet. So basically if you go 10x on something,
[25:30.440 --> 25:36.580]  and it goes up, you're not going to get the 10x because part of the gains from that 10x are going
[25:36.580 --> 25:42.760]  to be used to repay the loan that you took in order to go 10x. So you're not going to see 10x
[25:42.760 --> 25:48.640]  going up. But if the asset that you 10x on goes down, then yeah, you're going to lose all your
[25:48.640 --> 25:55.800]  money in a strictly linear fashion like you would expect. So and then, you know, now in the crypto
[25:55.800 --> 26:03.500]  era, you have people getting kind of attracted to the casino of trading on leverage and using that
[26:03.500 --> 26:12.770]  to basically lose to more sophisticated, more knowledgeable counterparties. But let's talk
[26:12.770 --> 26:18.210]  about digital scarcity networks. So taking aside gold and silver for now and focusing on digital
[26:18.210 --> 26:24.210]  commodities. So let's look at centralized security versus a decentralized security model. In
[26:24.210 --> 26:29.830]  centralized security, you have banks and fiat. So you have a database, which is protected,
[26:29.830 --> 26:34.750]  it's got firewalls around it. And the idea is that once you have access, once you're a trusted
[26:34.750 --> 26:39.270]  insider, you're a bank employee or something like that, then you have access to the database.
[26:39.270 --> 26:44.310]  Otherwise, you have no access to the database. There's one authoritative version of the ledger,
[26:44.310 --> 26:49.650]  which exists inside the bank walls. It's all closed source, of course, it's closed source,
[26:49.650 --> 26:54.170]  why would you open up the source, because that would be, you know, showing potential
[26:54.170 --> 27:00.670]  vulnerabilities to people. And there are downsides to this, of course, there's mismanagement, there's
[27:00.670 --> 27:07.750]  like all these charts showing the runaway growth of fiat currency are arguably
[27:07.750 --> 27:15.590]  categorizable under mismanagement of centralized scarcity model. There can be insider abuse.
[27:15.590 --> 27:22.270]  There are numerous accounts of bad behavior on the part of, you know, regulated banks,
[27:23.180 --> 27:28.810]  who basically do, you know, egregious violations of their customers trust and end up getting just
[27:28.930 --> 27:36.750]  a slap on the wrist for it. The other thing, if you are in charge, if you are the designated,
[27:36.750 --> 27:42.510]  approved gatekeeper of a centralized security network, then as the gatekeeper, you don't
[27:42.510 --> 27:47.190]  really have that much incentive to improve your service, because you're the gatekeeper, people
[27:47.190 --> 27:52.990]  have to come to you to get service, you know, to get access to the central database, they have to
[27:52.990 --> 27:58.470]  come to you. Now, so that means you're a middleman, you're in a position of power. And that means
[27:58.470 --> 28:04.390]  there's less incentive for you to improve your hours, or your services, which is why we still
[28:04.390 --> 28:10.070]  see banks having, you know, nine to five Monday through Friday hours, in a time where, you know,
[28:10.070 --> 28:15.770]  for years and years now, people have been able to go onto Amazon and, you know, go shopping, you
[28:15.770 --> 28:22.770]  know, 2.30 in the morning, you know, from their bed if they want, but for banking, like to get a
[28:22.770 --> 28:28.990]  wire sent out, you still have to do business hours. So these are the pros and cons of a centralized
[28:28.990 --> 28:34.930]  security model for digital scarcity. If we turn now to a decentralized security model, now everything
[28:34.930 --> 28:40.410]  is turned on its head relative to the centralized security model. Anyone can join the peer-to-peer
[28:40.410 --> 28:47.750]  network whose job it is to maintain a ledger of who owns what. Each of these nodes maintains its
[28:47.750 --> 28:56.070]  own version of the ledger. The code is open source, under the more eyeballs is fewer bugs, kind of
[28:56.070 --> 29:02.390]  principle that's espoused in open source software development. The downsides are that this source of
[29:02.390 --> 29:07.490]  scarcity are new, and so people have to get their heads around it, and there's going to be a lot of
[29:07.490 --> 29:14.690]  noise, and there's going to be a lot of excitement, a lot of not very smart ideas being given a
[29:14.690 --> 29:23.110]  decentralized security sheen around them in order to sound new and glamorous. So there's a lot of
[29:23.110 --> 29:30.030]  noise to sort through because it's new. It's also inefficient because the efficiency of centralized
[29:30.030 --> 29:33.770]  security models, you just have one database that's in the middle, so as long as you
[29:34.630 --> 29:41.510]  you just have to, you know, maintain one computer's worth of computing power, whereas in a
[29:41.510 --> 29:47.850]  decentralized model you have different ideas of what the state of the ledger is among all of the
[29:47.850 --> 29:54.430]  computers in the network, and the methods to obtain consensus on what is the true state of the network
[29:54.430 --> 29:58.950]  are going to necessarily be less efficient than that of a centralized network.
[30:02.540 --> 30:09.780]  So for this talk, I'm assuming that the, you know, you viewing this are not necessarily
[30:11.200 --> 30:17.860]  immersed in Bitcoin and blockchain topics, since Defcon is a pretty broad tent. There are a lot of
[30:17.860 --> 30:26.440]  people with a lot of diverse interests in Defcon, and so I'm going to assume that you have not taken,
[30:26.440 --> 30:31.520]  you know, a lot of time to think about how Bitcoin works. So I'm going to do that. I'm going to try
[30:31.520 --> 30:38.120]  and do it very briefly. So I would invite you, if you're new to cryptocurrency, and even if you're
[30:38.120 --> 30:42.980]  not new to cryptocurrency, I think it's a good thing to do to put yourself in the mindset of
[30:42.980 --> 30:49.760]  pretending like things were back when they were in 2009, before there was a way to check the price
[30:49.760 --> 30:55.960]  of every cryptocurrency every second, before there were, you know, limit orders and exchanges and all
[30:55.960 --> 31:04.400]  this, you know, that, that unfortunately tend to put a profit and loss, you know, like a profit and
[31:04.400 --> 31:11.740]  loss framework on around Bitcoin, that gets away from the kind of true spirit of the thing, which
[31:11.740 --> 31:21.080]  is really a technological and computing, like, miracle. So it's, it's good to kind of disregard
[31:21.080 --> 31:27.360]  all of that price stuff. I think, I think most of the time when you're thinking about cryptocurrency.
[31:27.860 --> 31:33.200]  So let's go back to Bitcoin's early history. So on Halloween of 2008, that's when the
[31:33.200 --> 31:40.860]  Naokimoto white paper came out. January 9th, 2009 was the Bitcoin Genesis block. That was the very
[31:40.860 --> 31:47.320]  first block. In other words, the very first list of transactions of who sent what to who in Bitcoin.
[31:47.960 --> 31:53.960]  And since January 2009, this network has been going strong ever since, 24-7.
[31:54.980 --> 32:00.040]  In, in the year 2009, Bitcoin was operational, but it had zero value.
[32:00.040 --> 32:07.300]  Right. So it was just this, this thing that was like a, like a geek play thing. There was no,
[32:07.300 --> 32:10.960]  there's no money involved, there's no profit involved, there's no trying to sell
[32:10.960 --> 32:19.220]  anything involved. It was just this interesting innovation of a digital thing that claimed to
[32:19.220 --> 32:27.340]  act like money without needing a central authority to, to limit its scarcity like money.
[32:27.340 --> 32:31.860]  So the Bitcoin white paper describes a way to synthesize this digital scarcity without needing
[32:32.060 --> 32:38.860]  a central authority. So there are three parts to the analogy between Bitcoin and a bank network.
[32:38.860 --> 32:45.200]  So the first part of the analogy to, to describe is like, what, what is the analogy of a bank
[32:45.200 --> 32:51.180]  account? And that is a Bitcoin address. Second, what's the analogy of writing a check or sending
[32:51.180 --> 32:55.720]  funds out? That would be in the Bitcoin world, in the cryptocurrency world, it's a message signing.
[32:55.720 --> 33:01.780]  And then third, who is the party that is going to clear the check and process the check once it's
[33:01.780 --> 33:08.000]  been written? Who is doing that function in, in this new digital commodity realm? And so there's
[33:08.000 --> 33:12.780]  an accounting network of peer-to-peer computers that gets used to do that in Bitcoin.
[33:13.940 --> 33:21.240]  So going through these three analogies in a bit more detail. So the SecP256k1 elliptic curve
[33:21.240 --> 33:28.420]  is what defines the cryptography in Bitcoin. So that I'm showing what it is. It's Y squared is
[33:28.420 --> 33:34.560]  congruent to X cubed plus seven mod this very large prime number. And the mod and the three
[33:34.560 --> 33:39.600]  lines on the equal sign means that we're talking about clock arithmetic. So in clock arithmetic,
[33:39.600 --> 33:44.800]  one o'clock and 13 o'clock and 25 o'clock are all the same thing because the, when the hour hand
[33:44.800 --> 33:51.740]  goes around, it repeats. So here we're talking about a clock that has like a, you know, a gigantic
[33:51.740 --> 34:00.540]  prime number, number of numbers on its dial. So Y and X, sometimes you'll see drawn in, you know,
[34:00.540 --> 34:06.180]  diagrams explaining what elliptic curves are. You'll see like a curvy shape to that. That's true
[34:06.180 --> 34:12.780]  if X and Y are real numbers, but in this case, X and Y are integers. And so it's not very helpful
[34:12.780 --> 34:18.200]  to have that image of a classic curve in your mind as you're doing this. Really what this is
[34:18.200 --> 34:24.960]  more like is you, you have a, you have a giant grid of X and Y points and the Xs are both
[34:24.960 --> 34:32.400]  integers. So you have points on the intersections of this giant, you know, graph paper and certain
[34:32.400 --> 34:39.180]  one, certain intersections on this graph paper are lit up. So when you have an X, Y combination
[34:39.180 --> 34:45.540]  that satisfies this equation, it's lit up. And to have an X, Y combination that satisfies this
[34:45.540 --> 34:53.560]  equation is a rare thing. It's, it's if you try to brute force and guess pairs of X, Y numbers
[34:53.560 --> 34:59.780]  that satisfy this equation, because this prime number, this modulus number is so huge,
[34:59.780 --> 35:06.080]  it's, it would take a, you know, unimaginably long time, like, you know, 10 to the 40, 50,
[35:06.080 --> 35:11.060]  something like that years to basically brute force and try to figure out an X, Y combination
[35:11.060 --> 35:17.660]  on your own that satisfies this equation. But yet there's more. So as part of the elliptic
[35:17.660 --> 35:23.020]  curve definition, there's a base point that is defined. So I'm saying piece of B, that's the
[35:23.020 --> 35:30.520]  coordinate X of B, Y sub B. So there's a certain point in this vast grid paper of very sparse
[35:30.520 --> 35:35.180]  points on it. There's a certain point that's called the base point. That one's special.
[35:35.180 --> 35:42.000]  That one is told to you by the elliptic curve kind of standard, right? So basically the formula
[35:42.000 --> 35:47.520]  for the curve is given and the solution, a solution to this curve is also given to you.
[35:47.520 --> 35:53.520]  Furthermore, there's a third step that you can use. So that is given that you know a solution,
[35:53.520 --> 35:59.480]  there's a way to calculate N times that base point solution, which is another solution,
[35:59.480 --> 36:05.960]  piece of N. So in other words, if somebody tells you N, a number N, you can figure out the Nth
[36:05.960 --> 36:12.940]  point on this graph paper by doing some simple manipulations on the base point, which you are,
[36:12.940 --> 36:17.020]  which you have knowledge of, which you know, because it's part of the standard of the elliptic
[36:17.020 --> 36:25.120]  curve. So if you want to go from N to piece of N, you can compute that, but the inverse is not
[36:25.120 --> 36:30.900]  calculable. So piece of N to N doesn't, you have to brute force that. And so that's the asymmetry
[36:30.900 --> 36:40.100]  behind the encryption process. So what that means is that the, the number N is a private key.
[36:40.100 --> 36:48.080]  That's the secret. And that knowing that number N is the authorized signature to spend the money
[36:48.080 --> 36:54.380]  that is associated with the private, the public key piece of N. What this really means is getting
[36:54.540 --> 36:58.960]  a new, a Bitcoin account really means you're picking a number, you're picking a number in this
[36:58.960 --> 37:06.000]  vast numeric field. You're calling that number yours. And you're keeping that number secret,
[37:06.000 --> 37:13.700]  just like you would keep like, just like Coca-Cola keeps the formula to its soft drink secret. It's
[37:13.700 --> 37:19.380]  this piece of information that you can write on an index card, but you need to keep secret because
[37:19.380 --> 37:25.000]  it's the, it's the keys to the kingdom. So that's what's going on in Bitcoin is that you, you and
[37:25.000 --> 37:34.100]  you alone are in, are the person who knows the existence of this one certain point on the elliptic
[37:34.100 --> 37:41.340]  curve, which is yours. And those, that elliptic curve point is described by two numbers, the X
[37:41.340 --> 37:47.540]  coordinate and the Y coordinate, right? One of those you make public and the other one you keep
[37:47.540 --> 37:52.300]  secret and they're linked to each other. So that's why it's not like a password where you can just
[37:52.300 --> 37:57.240]  change the X, Y numbers that you're assigned. It's, it doesn't work like that. There's a math
[37:57.240 --> 38:05.740]  equation behind it. So that X, Y pairing is unchangeable. It's, it's not modifiable so that
[38:05.740 --> 38:10.320]  if somebody, you know, forgets their secret, there's no recourse to get their money.
[38:13.280 --> 38:18.400]  All right. So moving on to how does writing a check work in a network like this? So there's secure
[38:18.400 --> 38:22.700]  message signing, which is facilitated by the elliptic curve math that I showed on the last
[38:22.700 --> 38:29.600]  slide. So what a sender does is take a message and combine that with their private key. Once you
[38:29.600 --> 38:33.980]  take a message and combine that with a private key, you get a signature, which is just a sequence
[38:33.980 --> 38:39.620]  of bytes, which is derived from the combination of the message and the private key. So the signature
[38:40.140 --> 38:47.100]  can only have been made by somebody who had the message and the private key. So once the sender
[38:47.100 --> 38:52.400]  does this, basically generates a signature based on their message and their private key, they would
[38:52.400 --> 38:58.320]  send out the message and the signature. They would definitely not send out the message and
[38:58.320 --> 39:02.300]  their private key because then that would leak the, you know, basically their signature for,
[39:02.300 --> 39:08.020]  for signing. They would send out the message and the signature. So the recipient now gets this
[39:08.020 --> 39:14.680]  purported message from the sender, plus the signature from the sender. And the recipient
[39:14.680 --> 39:19.720]  also knows the sender's public key. So because that is supposed to be a data point that is
[39:19.720 --> 39:24.840]  associated per person. So with those three pieces of information, you can get a binary verification
[39:24.840 --> 39:30.080]  result. You get a result that says, yes, that was a legitimate message by the, this person, or no,
[39:30.080 --> 39:37.080]  it was not. And so sending Bitcoin means that you're sending this signed message to the Bitcoin
[39:37.080 --> 39:43.680]  network. This, this kind of message signing happens in all, in a variety of computing contexts. For
[39:43.680 --> 39:52.280]  example, HTTPS uses this and here we're just using it in a financial kind of like a self-contained
[39:53.120 --> 40:01.240]  accounting system point of view. So interestingly, knowledge of the private key, which is a form of
[40:01.240 --> 40:09.860]  speech, is now tantamount to money. Knowledge is tantamount to money. And so that makes that,
[40:09.860 --> 40:20.840]  for the era that we're living in, the idea that just knowledge of something can in itself be cash.
[40:23.240 --> 40:30.760]  All right, third. So once you have a person who has a Bitcoin account and they sign a message
[40:30.760 --> 40:36.060]  saying, I want to spend this Bitcoin, who's going to do the processing? Who's going to make sure
[40:36.060 --> 40:41.100]  it's legit? And so on. So that is done by a network of miners in Bitcoin. So miners
[40:41.320 --> 40:46.860]  are just a word for peer-to-peer Bitcoin accountants. So peer-to-peer, meaning that
[40:46.860 --> 40:54.480]  there is no boss computer, there is no super user in this network. They are all equal. So
[40:54.480 --> 41:00.860]  how do they settle disputes? It's basically, they gossip a lot and they do majority rules.
[41:00.860 --> 41:05.540]  So that's, that's basically how they, they figure out who's right, if there's a disagreement between
[41:05.540 --> 41:11.100]  them. Now, each of these Bitcoin accountants have pre-programmed into them, the, like the
[41:11.100 --> 41:17.520]  elliptic curve, they have pre-programmed into them the code that determines whether an incoming
[41:17.520 --> 41:23.300]  message is legit or not. And so each of these accountants, when, when they receive a spend
[41:23.300 --> 41:29.640]  message, they will check it. And if it's legit, then they will pass that message on to their
[41:30.660 --> 41:35.260]  compatriots. So this is what I meant by gossipy accountants. So each of these miners is,
[41:35.260 --> 41:40.340]  is taking in incoming messages for spend instructions around the world,
[41:40.340 --> 41:45.020]  checking them for themselves. And then if they're correct, they'll spread those messages around.
[41:45.620 --> 41:51.620]  So every 10 minutes on average, you have a list of transactions then that has been
[41:51.620 --> 41:58.080]  kind of building up in that time. And so that's called a block. A block is simply a list of valid
[41:58.080 --> 42:06.280]  signed spend messages. Now, how do we make sure that this global network of computers,
[42:06.280 --> 42:13.860]  of which there is no one boss, is going to properly process these messages? Well,
[42:14.340 --> 42:19.860]  in addition to having the rules of allowance kind of programmed into them, they, there's what's
[42:19.860 --> 42:27.280]  called proof of work. And so what proof of work is, is that in each block, there is a small data
[42:27.280 --> 42:32.780]  field within each block called the nonce. The nonce is something that it's a blank data field
[42:32.780 --> 42:41.660]  that each miner is free to fill with whatever random bits they want. Now, in this system, a
[42:41.660 --> 42:48.800]  block is not accepted by the network until the hash of the block is lower than a certain number
[42:48.800 --> 42:53.640]  called the difficulty. So this is something that's hard to get your head around if this is the first
[42:53.640 --> 42:57.020]  time you're hearing it, because usually when you think about hash functions, you don't care about
[42:57.500 --> 43:02.680]  what the hash function is, you just care that the hash function matches something else. For example,
[43:02.680 --> 43:06.980]  if you're checking the download of a file, you want to take a hash of what it is you downloaded
[43:06.980 --> 43:11.240]  and check that against the hash of what you think you downloaded and make sure that they match.
[43:11.400 --> 43:16.800]  Here in this case, we actually care if the hash starts with a zero, or a one, or a two,
[43:16.800 --> 43:21.880]  or what the hash starts with. In fact, we care about what the first several digits of the hash
[43:21.880 --> 43:27.980]  starts with, and we will require them typically to all be zeros. So what that ends up meaning is
[43:27.980 --> 43:35.980]  that each of these miners is going to try repeatedly, and most often fail, to find a nonce
[43:36.600 --> 43:44.160]  that causes a block of spend messages to be considered valid. So basically, you have this
[43:44.160 --> 43:49.240]  worldwide network of computers, each of them is churning away, brute force guessing different
[43:49.240 --> 43:56.200]  values of the nonce that will eventually, one of them will eventually succeed, and come up with a
[43:56.200 --> 44:02.300]  block that satisfies the difficulty. In other words, one miner in the world will take their
[44:02.300 --> 44:08.120]  page of transactions, which is, you know, the list of valid transactions from their point of view,
[44:08.120 --> 44:15.800]  combine that with a nonce, which was randomly generated, and then the hash of that entire block,
[44:15.800 --> 44:21.840]  that is the messages plus their nonce, the hash of that is going to be a bunch of zeros, and then
[44:21.840 --> 44:27.120]  some gibberish, right? So because it started with a bunch of zeros, that satisfies the difficulty,
[44:27.440 --> 44:35.720]  therefore that block is accepted by the network. The kind of announcement of this new block is,
[44:35.720 --> 44:41.460]  again, because the accountants here are very gossipy, the news of this is sent around the
[44:41.460 --> 44:46.800]  Bitcoin network, right? And so once all of the computers in the world get news of this new block,
[44:46.800 --> 44:54.660]  then they clear out the pending transactions in their own personal queues with the
[44:55.300 --> 45:00.320]  transactions that have been officially kind of ratified in this new block, and then they continue
[45:00.320 --> 45:05.980]  working on the next block. So the computer that succeeds in getting this done gets what's called
[45:05.980 --> 45:13.400]  the block reward, and so that's a Bitcoin payout to the nonce. So in Bitcoin, every Bitcoin in existence
[45:13.400 --> 45:19.900]  came into being as a payout to a miner helping to secure the network. So this is important to realize
[45:19.900 --> 45:24.720]  that sometimes you'll see, you know, people who have very little technical knowledge about
[45:24.720 --> 45:30.180]  cryptocurrency make a claim that, you know, Bitcoin is just some, you know, scam, it's
[45:30.180 --> 45:38.160]  some company that's out there to get, you know, money from people. Bitcoin is just a decentralized
[45:39.600 --> 45:44.540]  group of computers. Anyone can download the Bitcoin software, run it on their computer,
[45:44.540 --> 45:53.260]  and join this network. Anyone who does that has a probability of finding a
[45:53.260 --> 45:56.240]  nonce that satisfies difficulty and therefore getting the block reward.
[45:57.020 --> 46:03.900]  So contrary to the assertion that money in Bitcoin has gone to some third party,
[46:03.900 --> 46:09.300]  some centralized organization, that's not true. All of the block rewards in Bitcoin have gone
[46:09.300 --> 46:19.080]  out to miners who are helping to secure the network. Now again, we're in 2009 here. We're in a time,
[46:19.080 --> 46:25.180]  we're imagining that we're in a time in which Bitcoin did not have monetary fiat value. So
[46:25.180 --> 46:30.960]  we're thinking in terms of this self-contained system in which this kind of imaginary unit of
[46:30.960 --> 46:36.220]  account, Bitcoin, gets created, and we're going to try and see if it actually acts like money like
[46:36.220 --> 46:41.380]  it claims it might be able to. All right, so there's conflict resolution. So what happens if
[46:41.380 --> 46:46.020]  two computers on opposite sides of the world come up with a block at the same time? So this could
[46:46.020 --> 46:50.280]  happen, for example, with the latency that's introduced by the Great Firewall of China, that
[46:50.280 --> 46:57.080]  you could have computers within China coming up with a different idea of what the next legit block
[46:57.080 --> 47:04.080]  is relative to the outside of China world. So what happens then? Well, again, the miners are
[47:04.080 --> 47:19.790]  all gossipy, right? So the miner within China is going to likely to hear about that Chinese found
[47:19.790 --> 47:32.050]  block first. And so they will proceed with the network as if that is the legit block.
[47:32.090 --> 47:35.730]  So the same thing is going to happen in the non-Chinese world. There's going to be a different
[47:35.730 --> 47:42.490]  block that satisfies difficulty that will be deemed the next block in the chain.
[47:43.090 --> 47:48.550]  And then that news is to propagate among the miners in the non-Chinese world, right? So now you
[47:48.550 --> 47:53.870]  have this schism, you have a disagreement in the network as to the state of the network.
[47:53.870 --> 48:00.510]  What happens then? So basically, both halves of the network then proceed as normal, trying to work
[48:00.510 --> 48:07.670]  on the next block. And then one of them is going to come up with a block first. I suppose I could
[48:07.670 --> 48:12.570]  come up with it simultaneously, but that's highly unlikely, since the probability distribution of the
[48:12.570 --> 48:17.030]  time distribution between blocks is Poisson distributed, because it's basically a fixed
[48:17.030 --> 48:23.310]  probability per unit time that a block is going to be found. So that means that, on average,
[48:23.310 --> 48:31.190]  blocks come out every 10 minutes, but it's a highly peaked distribution in the short end,
[48:31.190 --> 48:37.810]  actually, of the 10 minutes. Most blocks are going to be found... the median block is going to be
[48:37.810 --> 48:48.830]  found, like, shorter than 10 minutes. So what happens is one of the blocks, either in the
[48:48.830 --> 48:54.690]  Chinese world or the non-Chinese world, find the next block. And because conflict resolution works
[48:54.690 --> 49:01.310]  in that the chain with the more hash power wins, whichever of those chains comes up with the longer
[49:01.310 --> 49:07.870]  chain first will be the winner. So for example, if the second block is found in the Western world
[49:07.870 --> 49:15.690]  first, then that block will be propagated around the world, it'll get past the Chinese firewall,
[49:15.690 --> 49:21.830]  eventually the Chinese mining commuters will see that, and they'll see that, oh, this chain that
[49:21.830 --> 49:26.350]  came from elsewhere is longer than our chain, so we're going to adopt the chain that has more
[49:26.350 --> 49:32.570]  proof-of-work behind it. So that's basically how the network self-heals itself against disagreements
[49:32.570 --> 49:38.870]  in the state of the network. So then finally, blockchain is a distributed append-only linked
[49:38.870 --> 49:46.110]  list of blocks with low-value hash-verified pointers. So to summarize, Nakamoto consensus
[49:46.110 --> 49:51.470]  synthesizes digital scarcity. There's account-level scarcity, which is basically property rights.
[49:51.470 --> 49:56.250]  What defines property rights in Bitcoin? It's enforced by the user's selection
[49:56.250 --> 50:00.690]  and their subsequent protection of an elliptic curve private key.
[50:01.330 --> 50:07.450]  Next is aggregate-level scarcity. That is, how do we know that there's not going to be an
[50:07.450 --> 50:13.330]  infinite number of Bitcoin created? It's because each of these miners have programmed into them
[50:14.010 --> 50:18.750]  a recognition that there's going to be a limit of 21 million Bitcoin produced,
[50:18.750 --> 50:27.830]  and if any rogue node is added to the network that has a different idea of coin issuance,
[50:27.830 --> 50:34.190]  because it's going to be vastly outnumbered by the rest of the network, its idea on what coin
[50:34.190 --> 50:38.110]  issuance should be is going to be ignored by the rest of the network. So that's how that gets
[50:38.110 --> 50:43.350]  enforced, is that the aggregate-level scarcity that is the macroeconomic money supply gets
[50:43.350 --> 50:47.610]  enforced by an open network of peer-to-peer accountants who are rewarded for behaving
[50:47.610 --> 50:53.050]  consistently with a consensus rule set. They're rewarded by getting the block reward. So basically,
[50:53.050 --> 51:00.410]  if a computer works under mistaken rules, and mistaken meaning minority, if a computer is
[51:00.410 --> 51:06.450]  working under minority rules, comes up with its own idea of a block, gives itself a block reward,
[51:06.450 --> 51:11.990]  then when it propagates that supposed good block to the rest of the network, it's not going to be
[51:11.990 --> 51:19.650]  recognized by the rest of the network. And so it might have succeeded in getting a block reward
[51:19.650 --> 51:25.050]  for itself, but it's not going to be in the currency that the rest of the network is using.
[51:26.690 --> 51:32.450]  Okay, finally, database modification scarcity. How do we establish record permanence in Bitcoin?
[51:32.450 --> 51:38.990]  Well, that is enforced by requiring that each page in the transaction block have a hash that
[51:38.990 --> 51:43.690]  is smaller than the dynamically adjusted difficulty threshold. So the fact that the
[51:43.690 --> 51:48.970]  difficulty threshold is dynamically adjusted according to how many computers are currently
[51:48.970 --> 51:55.510]  active on the network, that is how a 10-minute block time gets established on average, even if
[51:55.510 --> 52:05.050]  computers leave or join the network. Okay, so let's contrast that with the scarcity features of Monero.
[52:05.050 --> 52:12.230]  So first, code is a scarce asset. Unfortunately, in much of the cryptocurrency world,
[52:12.230 --> 52:18.010]  new currencies get made by basically copy-pasting Bitcoin's code, changing a few
[52:18.650 --> 52:23.850]  lines of it, and then declaring that you've created a new cryptocurrency. So in that sense,
[52:23.850 --> 52:30.650]  they're not really using any scarcity of their own intellectual property. They're basically
[52:30.650 --> 52:35.950]  copying off the Bitcoin intellectual property, which is open source. That's a kind of an
[52:35.950 --> 52:40.130]  unfortunate drawback of that, is that it's open for everyone to look at and to copy,
[52:40.130 --> 52:46.490]  but that's the downside. It's open for everyone to copy. So unlike the situation, for example,
[52:46.490 --> 52:53.270]  in precious metals, where authentication is a difficult thing, right? So if you have a gold bar,
[52:53.270 --> 52:58.690]  the chief worry is that the gold bar that you bought is actually gold-plated tungsten, right?
[52:58.690 --> 53:06.070]  For example, there's a case in China where there's a very significant storage of gold bars
[53:06.070 --> 53:14.390]  that was being used as collateral for loans. And it turns out that tons and tons of gold was
[53:14.390 --> 53:21.590]  actually tungsten with gold plating on it. So this is a problem in precious metals that happens to
[53:21.590 --> 53:25.890]  the big boys, too, not just the retail little guys. But even little guys, you have to worry
[53:25.890 --> 53:30.790]  about that, too. You have to worry about, is this shiny piece of metal? It looks legit,
[53:30.790 --> 53:36.210]  but is it legit? And so you have a challenge in precious metals to do authentication. That is,
[53:36.210 --> 53:42.170]  you have to buy devices to check and make sure that the conductivity and the resistivity and
[53:42.170 --> 53:47.070]  the density and all the properties of the metal that you think are going to be true are actually
[53:47.070 --> 53:53.970]  true. And even then, you don't know, because the only real test is to do destructive testing,
[53:53.970 --> 53:59.430]  stick the thing in a furnace, you know, and melt it down and see what you've really got.
[53:59.870 --> 54:05.050]  In contrast to that, in cryptocurrency, authentication is not that big of a
[54:05.050 --> 54:10.770]  problem. So basically in Bitcoin, it's easy to see if a Bitcoin is legit.
[54:10.770 --> 54:16.730]  The problem in cryptocurrency is that the falsehood happens in the myriad of cryptocurrencies
[54:16.730 --> 54:23.890]  that exist that offer nothing of value. So basically, that is the challenge for an investor
[54:23.890 --> 54:30.010]  or, you know, anyone new getting into cryptocurrency is wading through all of this,
[54:30.920 --> 54:36.190]  all of these low quality projects and figuring out where the good ones are.
[54:36.610 --> 54:43.270]  All right, so Monero's code base is not a copy of Bitcoin's. It started from the ground up
[54:43.270 --> 54:50.970]  as its own thing. So this is, I'd say it's a pretty strong acid test of legitimacy is,
[54:50.970 --> 54:56.130]  can something start from its own with a code base that is totally not derived from
[54:57.190 --> 55:00.610]  Bitcoins and survive and do something useful for humanity?
[55:02.130 --> 55:08.270]  All right, the elliptic curve used in Monero is different too. So Monero uses ED25519.
[55:08.270 --> 55:14.890]  So this is yet another source of technical hedging. So to the extent that one of
[55:14.890 --> 55:19.890]  Bitcoin's weaknesses could be its reliance on this particular elliptic curve,
[55:19.890 --> 55:26.950]  one can hedge one's reliance on that by looking at a alternate elliptic curve as a basis for a
[55:26.950 --> 55:35.350]  cryptocurrency like Monero does. In Monero, there are dual private keys. So there's a spend key and
[55:35.350 --> 55:41.130]  spend money, just like knowledge of the key is in Bitcoin. But in Monero, there's a second key.
[55:41.130 --> 55:46.290]  There's a view key, which is basically like a cryptographic subset of the spend key. If you
[55:46.290 --> 55:52.270]  know the view key, then you can look at details of transactions that you were involved in.
[55:52.470 --> 55:59.090]  So it basically offers an opt-in transparency. So one of the misconceptions about Monero,
[55:59.090 --> 56:04.310]  it's just this completely secret box where you can tell nothing about what's going on in it.
[56:04.310 --> 56:09.290]  You can. And you can actually share details of what's going on in your particular Monero account
[56:09.290 --> 56:17.470]  if you share your view key. The address space is different. It's larger in Monero. It's 10 to 76
[56:17.470 --> 56:26.490]  versus 10 to the 60 in BTC. But there's a cost to that expanded address space, which has a pro
[56:26.490 --> 56:31.810]  in that it reduces the birthday problem, which is the birthday problem being the probability that
[56:31.810 --> 56:38.890]  the account number that you personally choose for your crypto account is going to, by random,
[56:38.890 --> 56:43.550]  be the same as the number that somebody else somewhere else in the world chooses for their
[56:43.550 --> 56:47.610]  crypto account. And you have a conflict because now you have two people who actually have
[56:47.610 --> 56:53.050]  the knowledge of the spend key for a account, not just the one that it's supposed to be.
[56:53.210 --> 56:59.270]  So that probably goes down in Monero, but there's a cost to that. That is of complexity. So for
[56:59.270 --> 57:06.250]  example, the addresses in Monero are quite a bit longer than they are in Bitcoin, which has
[57:06.250 --> 57:13.730]  an effect on user friendliness. The emission schedule is different. So in Monero, there's
[57:13.730 --> 57:20.450]  kind of a theme in that this project looks at how things are done in Bitcoin, gives it
[57:20.450 --> 57:27.790]  due and proper respect as the granddaddy of the space, but then thinks, well, what could we do
[57:27.790 --> 57:34.030]  that's maybe even better than that? And the emission schedule, in my opinion, is one of those.
[57:34.030 --> 57:40.010]  So it's continually decreasing. There is not a four-year half-mean cycle. So in Bitcoin,
[57:40.010 --> 57:47.750]  every 210,000 blocks, the size of the miner's reward gets cut in half. So that means if you're
[57:47.910 --> 57:53.590]  a miner in Bitcoin, there's a date every four years, approximately, circled on your calendar
[57:53.590 --> 57:59.670]  in red, in which your income is going to get cut in half. So that introduces a lot of drama
[57:59.670 --> 58:08.430]  in the mining world. So it's hard for any business to make plans if your income and
[58:08.430 --> 58:14.770]  your expenses are unpredictable or change drastically over time. So that's exactly
[58:14.770 --> 58:21.970]  what happens in Bitcoin with the mining reward happening as it does. In Monero, we have a
[58:22.690 --> 58:25.640]  continuously decreasing schedule.
[58:27.700 --> 58:33.750]  In Monero, we have what we think is a solution to a form of unwanted scarcity.
[58:33.750 --> 58:42.510]  A form of unwanted scarcity is the future miner rewards. So in Bitcoin, the mining reward
[58:42.510 --> 58:50.180]  is projected to get cut in half every four years, approximately, until it's basically zero.
[58:50.180 --> 58:56.620]  And so at that point, who is going to reward the network miners for doing the accounting work of
[58:56.620 --> 59:02.580]  the network? In Bitcoin, it's hypothesized that a fee network, basically user fees, are going to
[59:02.580 --> 59:11.200]  step in and make up the difference. But there are papers that question the viability of such
[59:11.360 --> 59:17.120]  a system. And so what we do in Monero is called the tail emission. So basically, in Monero,
[59:17.120 --> 59:22.700]  the block reward is never going to be smaller than 0.3 Monero per minute. We call this the
[59:22.700 --> 59:27.180]  tail emission. We call it the tail emission because you have a distribution with a tail,
[59:27.180 --> 59:34.560]  and the tail extends out far into time. So often this gets described as being infinite
[59:35.240 --> 59:41.180]  emission, which I suppose is technically true. As time goes to infinity, yes, the emission will go
[59:41.180 --> 59:47.740]  to infinity. But in practice, no human is going to live to the limit as t goes to infinity. That's
[59:47.740 --> 59:55.160]  basically a theoretical construct that's useful in calculus. But as far as, you know, mortal humans
[59:55.160 --> 01:00:03.300]  are concerned, it is quite sufficient to know that the coin supply is going to be such and such a
[01:00:03.300 --> 01:00:08.340]  level in 10 years from now, 20 years from now, 50 years from now, 100 years from now. It is not
[01:00:08.340 --> 01:00:15.460]  necessarily relevant to a mortal human what the emission is as time goes to infinity.
[01:00:16.680 --> 01:00:26.540]  Secondly, the absolute value of coin emission is not that relevant. It's actually annualized
[01:00:26.540 --> 01:00:31.960]  inflation. That is, what is the percentage of inflation that takes place in a supply,
[01:00:31.960 --> 01:00:37.300]  like, say, over a year's time? That is more relevant. And so if you have a situation like
[01:00:37.300 --> 01:00:42.940]  you have in Monero, in which the coin emission is growing linearly over time, it means with
[01:00:42.940 --> 01:00:49.460]  linear growth, you have a growth rate, a growth percentage rate, which is asymptotically going
[01:00:49.460 --> 01:00:55.560]  to zero over time. And in any macroeconomic theory, it's the inflation rate that is relevant
[01:00:55.560 --> 01:01:04.660]  to a theory. So basically, the difference between equal zero inflation, which is what you have in
[01:01:04.660 --> 01:01:11.640]  Bitcoin versus asymptotically zero, which is what you have in Monero, it's irrelevant. It gets
[01:01:11.640 --> 01:01:17.400]  swallowed up in the noise of whatever macroeconomic theory you're looking at. So what do we get
[01:01:18.120 --> 01:01:26.860]  in exchange for this very small kind of, I guess, you know, giving up of a continual
[01:01:28.120 --> 01:01:33.500]  block reward into perpetuity? Well, at least in Monero, we know that minor incentives are
[01:01:33.500 --> 01:01:38.420]  guaranteed forever. We don't worry about who is going to be forced to pay for this,
[01:01:38.420 --> 01:01:45.620]  which is, it actually was one of the causes of the civil war and the divorce a few years ago
[01:01:45.620 --> 01:01:52.200]  within Bitcoin was that there is a disagreement as to how much of a load should the transactors
[01:01:52.200 --> 01:01:57.520]  of the coin be paying? Is it okay that people actually transacting in the coin are
[01:01:57.520 --> 01:02:02.840]  paying hundred dollar fees to make one transaction? Is that okay or not? There's a disagreement of that
[01:02:02.840 --> 01:02:10.400]  over that in Bitcoin. And the argument for, yes, it is okay for them to be paying that is that,
[01:02:10.400 --> 01:02:16.160]  well, eventually minor rewards are going to go to zero. And so we're going to rely on user fees to
[01:02:16.160 --> 01:02:20.400]  pay the miners. So they better get used to it because, you know, this is going to be the future
[01:02:20.400 --> 01:02:24.260]  is that, you know, the fees are going to pay the miners. So, you know, they better just get used
[01:02:24.260 --> 01:02:30.900]  to ponying up the money. So anyway, without getting too much into that, you know, civil war,
[01:02:30.900 --> 01:02:37.280]  that's something that we avoid in Monero by having this tail emission. All right. So I mentioned that
[01:02:37.280 --> 01:02:42.920]  as a physicist, I like to look at data. So I'm going to show some of it here. This is looking
[01:02:42.920 --> 01:02:49.260]  at supply emission. So this is over time, how many Bitcoin have there been in existence? And again,
[01:02:49.260 --> 01:02:55.420]  each one of these Bitcoin was given in the past to a computer as a reward for doing the computing
[01:02:55.420 --> 01:03:01.180]  power of maintaining the network of who owns what within Bitcoin. So you can see the
[01:03:01.820 --> 01:03:08.360]  solid part of this Bitcoin line is what actually happened. And that is taken from block explorers.
[01:03:08.360 --> 01:03:15.420]  In this case, I'm using blockchain.com. And what's shown in the light shaded gray, like the not solid
[01:03:15.420 --> 01:03:20.120]  black, but the gray, that is projecting into the future what the supply emission of Bitcoin is
[01:03:20.120 --> 01:03:26.060]  going to be. And that is basing that off the Bitcoin white paper. So the Bitcoin white paper
[01:03:26.060 --> 01:03:33.240]  basically is what programmed all the computers that generated this line for the last 11 years.
[01:03:33.320 --> 01:03:38.240]  And so you can kind of, you know, have some confidence that the future coin emission of
[01:03:38.240 --> 01:03:45.740]  Bitcoin is going to be what was predicted as well. And so let's not kind of dismiss or downplay
[01:03:45.740 --> 01:03:53.320]  the, you know, how crazy this is in terms of monetary policy. This is a monetary system
[01:03:53.320 --> 01:03:59.100]  in which the emission is declared in advance. And not only is it declared in advance,
[01:03:59.100 --> 01:04:06.520]  like there's an 11-year track record of it actually happening as predicted. So you can't
[01:04:06.520 --> 01:04:13.640]  have a situation like a, you know, for example, a pandemic causing a committee of, you know, men
[01:04:13.640 --> 01:04:19.640]  in a boardroom deciding that it's time to print a bunch of money. That doesn't happen in Bitcoin.
[01:04:20.540 --> 01:04:26.660]  All right. We can look at Monero's supply emission as well. So again, in Monero, we do not
[01:04:26.660 --> 01:04:32.360]  have four-year halvenings. So in contrast to this Bitcoin line, which you see has these kinks in it
[01:04:32.360 --> 01:04:38.600]  every four years or so, there's a, it's like basically it's a piecewise linear emission line.
[01:04:38.600 --> 01:04:46.180]  Monero's curve is actually smooth. And so again, to the left of the present between 2014, which is
[01:04:46.180 --> 01:04:51.440]  when Monero came into existence. And now you can see this very smooth curve. It looks like that's
[01:04:51.540 --> 01:04:55.180]  a theoretical curve, but that's actually not a theoretical curve. That is actually, that is
[01:04:55.180 --> 01:05:00.240]  empirical data that I'm showing on the left on Monero. And then on the right, there's a formula
[01:05:00.240 --> 01:05:05.400]  that declares, just like in Bitcoin, it declares what the coin emission is going to be. And in
[01:05:05.400 --> 01:05:13.360]  Monero, just like in Bitcoin, all of the coin reward that is now in existence was once given
[01:05:13.360 --> 01:05:19.020]  in the past to a miner that helped do the accounting work in the Monero network. There was no
[01:05:19.020 --> 01:05:26.480]  centralized company. There was no kind of person behind the scenes getting a cut of the action.
[01:05:26.480 --> 01:05:32.260]  Now, all of the money that was rewarded in Monero was given to a random computer out there
[01:05:32.260 --> 01:05:37.720]  in the Monero network that just happened to come up with a difficulty-satisfying nonce,
[01:05:37.720 --> 01:05:44.980]  therefore coming up with a rare set of data that could be added to the Monero blockchain.
[01:05:46.060 --> 01:05:51.440]  All right, and so the tail emission in Monero, you can see it as this very gradual slope that
[01:05:51.440 --> 01:05:57.980]  continues upward. The tail emission is going to get hit not too long from now, and then it'll
[01:05:57.980 --> 01:06:05.860]  continue in perpetuity. All right, here's year-over-year supply inflation. And in case
[01:06:05.860 --> 01:06:16.220]  you've seen Monero means money, which is the lecture I was a part of, which featured my
[01:06:16.220 --> 01:06:22.420]  last keynote lecture that I gave at 3063 in Leipzig, Germany, I also showed a version of
[01:06:22.420 --> 01:06:31.680]  this plot. What I had to do this year to make this plot actually fit was to change the scale
[01:06:31.680 --> 01:06:38.820]  of the y-axis. So it was 20% before, it's 30% now, and that is because I had to fit the supply
[01:06:38.820 --> 01:06:44.280]  inflation of the U.S. dollar that's shown in green. And so you can see that spike there is
[01:06:44.280 --> 01:06:52.920]  post-pandemic, and the MZM money supply line inflation, that is the amount of
[01:06:52.920 --> 01:07:01.060]  USD in circulation now versus one year ago, is up 30%. So you have this kind of
[01:07:01.060 --> 01:07:08.940]  interesting turn of events in which just a few years ago, it was cryptocurrencies that had the
[01:07:08.940 --> 01:07:15.840]  drastic supply inflation, as the cryptocurrencies were trying to get Boeing put out there.
[01:07:17.860 --> 01:07:23.520]  But now we're coming on a new era of scarcity in cryptocurrencies, in which the inflation
[01:07:23.520 --> 01:07:31.060]  rates of both Bitcoin and Monero are now on the sub-3% level. They're continuing to drop.
[01:07:31.480 --> 01:07:36.520]  And interestingly, you can also see there's going to be an eight-year period, basically,
[01:07:36.520 --> 01:07:42.240]  between now and about 2028, in which the inflation rate of Monero is actually going
[01:07:42.240 --> 01:07:47.660]  to be smaller than that of Bitcoin. So if you want to, if scarcity, you know, if extreme scarcity
[01:07:47.660 --> 01:07:55.480]  is something that interests you, Monero should be a contender on your list. Here, I'm showing also
[01:07:55.480 --> 01:08:02.320]  the inflation curve for gold. So the World Gold Council keeps track of an estimate every year of
[01:08:02.320 --> 01:08:11.880]  how much gold it thinks exists. And it calls it its estimate above ground gold. So basically,
[01:08:11.880 --> 01:08:17.880]  it's not counting the gold in the ground that hasn't been mined yet. It's not counting estimates
[01:08:17.880 --> 01:08:23.420]  of that. It's only counting estimates of, you know, ore that's been mined and processed and
[01:08:23.420 --> 01:08:31.580]  turned into bullion. So if you look at that, the inflation rate of gold has been roughly 1.81%,
[01:08:31.580 --> 01:08:35.860]  if you average that out over all of the data that it's provided.
[01:08:36.360 --> 01:08:40.580]  So we tend to think of gold as not being inflationary, but the money supply of gold
[01:08:40.580 --> 01:08:46.360]  actually does inflate as, you know, it gets dug out of the ground every year at this rate of,
[01:08:46.360 --> 01:08:52.160]  pretty steady rate of about 1.8% per year. So if you think of gold as being sound money, that
[01:08:52.160 --> 01:08:59.240]  basically introduces this figure, like basically this 1.8% per year figure. Like if you have some
[01:08:59.240 --> 01:09:07.980]  source of scarcity, that is, I'd say around or below that 1.8% per year figure, then it's a
[01:09:07.980 --> 01:09:13.180]  candidate for being called sound money. And so I would say, I would posit that both Bitcoin and
[01:09:13.180 --> 01:09:18.960]  Monero, if they don't technically meet that definition right now, they certainly will
[01:09:18.960 --> 01:09:24.080]  be literally below the year over year supply inflation rate of gold by the end of 2020.
[01:09:24.080 --> 01:09:34.370]  And it'll just drop after that. All right, there's another form of unwanted scarcity
[01:09:34.370 --> 01:09:38.950]  that I want to talk about, that is mining hardware. And so miner reward should scale
[01:09:38.950 --> 01:09:43.370]  with miner expense. So in the Bitcoin white paper, there's this phrase, one CPU, one vote.
[01:09:43.370 --> 01:09:50.390]  And what that means is that, you know, you basically want to be fair to the miners. You want to
[01:09:51.650 --> 01:09:57.050]  have every miner's probability of hitting a block reward be proportional to the investment that they
[01:09:57.050 --> 01:10:04.150]  put in to securing the network. Now, unfortunately, silicon economies of scale destroy this linearity.
[01:10:04.150 --> 01:10:11.470]  So if you have an algorithm that is simple enough that you can design a piece of silicon to do
[01:10:11.470 --> 01:10:17.870]  nothing but that algorithm super efficiently, then you'll have an advantage over general purpose
[01:10:17.870 --> 01:10:23.650]  computing devices like CPUs, and to a lesser extent, GPUs that are meant to be general purpose.
[01:10:23.650 --> 01:10:29.730]  They're not optimized for this certain problem. So in Bitcoin, you have exactly this situation.
[01:10:29.730 --> 01:10:36.190]  So the proof-of-work algorithm in Bitcoin is simple enough that ASICs got custom designed to do
[01:10:36.190 --> 01:10:45.610]  nothing but a Bitcoin proof-of-work algorithm over and over. And so at this point, ASICs are what are
[01:10:46.590 --> 01:10:55.290]  practically dominating the Bitcoin mining network. It is simply a silly exercise for any, you know,
[01:10:55.290 --> 01:11:03.150]  little guy, any one of us to put our, you know, our little gaming rig on the Bitcoin network and
[01:11:03.150 --> 01:11:09.350]  think that we have any infinitesimal chance of getting a Bitcoin reward. I mean, basically,
[01:11:10.210 --> 01:11:14.830]  it's like lotto sorts of chances. It's like, you might as well just, you know, go buy lottery
[01:11:14.830 --> 01:11:21.970]  tickets. It's that bad of a return on investment for someone who does not have the requisite
[01:11:21.970 --> 01:11:28.270]  hardware. And unfortunately, all of the requisite hardware happens to be all made in China. So
[01:11:28.270 --> 01:11:33.510]  Bitcoin mining currently is a Chinese dominated oligopoly. Now, this is not necessarily a problem
[01:11:33.510 --> 01:11:39.610]  that it's China. The problem is that it's just one part of the world that effectively has a monopoly
[01:11:39.610 --> 01:11:45.630]  on the production of the necessary equipment to maintain the accounting system.
[01:11:46.250 --> 01:11:53.610]  So in Monero, we have taken steps to try to keep the proof of work algorithm viable for small,
[01:11:53.610 --> 01:11:59.150]  independent miners who don't necessarily have, for example, $50 million to spend on their own
[01:11:59.150 --> 01:12:06.570]  silicon fabrication facility, or, you know, have social inroads with the CEOs of the companies who
[01:12:06.570 --> 01:12:13.390]  do have these silicon fabs. So if you look at the proof of work at Monero, since 2018,
[01:12:13.390 --> 01:12:20.290]  it has changed four times. This is remarkable for any cryptocurrency. We've done it four times.
[01:12:20.290 --> 01:12:25.070]  It started out as Kryptonite, then Kryptonite v2 came, Kryptonite v3, then Kryptonite R,
[01:12:25.070 --> 01:12:31.370]  and now RandomX. So this is looking at, again, data from the Monero blockchain.
[01:12:31.370 --> 01:12:37.610]  And this is looking at Monero network difficulty. So in other words, this is the number that is
[01:12:37.610 --> 01:12:45.090]  required for miners to successfully submit a new block to the Monero blockchain. So the higher the
[01:12:45.090 --> 01:12:52.050]  number, the higher the difficulty, that means the more competing computers there are doing the
[01:12:52.050 --> 01:12:58.050]  accounting work on the Monero network. So you can see, and so on this timescale, we're starting at
[01:12:58.050 --> 01:13:04.590]  April 2014, which is when April 2014 is when Monero started. So through version 0.11,
[01:13:04.590 --> 01:13:09.310]  the proof of work was Kryptonite. But then you see here, there's this spike up in the difficulty,
[01:13:09.310 --> 01:13:15.030]  and that was basically due to ASICs having figured out how to do Kryptonite efficiently on ASICs,
[01:13:15.030 --> 01:13:19.830]  making an ASIC to do that, putting it on the network, and then basically running away with
[01:13:19.830 --> 01:13:25.050]  the vast majority of the miner rewards. So that caused a fair bit of alarm within the
[01:13:25.050 --> 01:13:32.070]  Monero community, and steps were taken to basically render these ASICs useless. So that's
[01:13:32.070 --> 01:13:40.070]  Kryptonite v2 came out with v0.12 in early 2018. That worked for a while, but then there's basically
[01:13:40.070 --> 01:13:47.350]  just a lag time before the development of an ASICs to do Kryptonite v2. So once there was
[01:13:48.090 --> 01:13:54.690]  another alarming spike up in the difficulty rate, well, Kryptonite v3 went out. And these were all
[01:13:54.690 --> 01:14:01.250]  hard forks. So these all were changes that had to be adopted by everyone on the Monero network,
[01:14:01.250 --> 01:14:08.350]  otherwise they would be mining an obsolete coin. So it... and this process continued again. So
[01:14:08.350 --> 01:14:12.550]  then in 2019, there was another spike in the hash rate. So we went with Kryptonite R. And then
[01:14:12.550 --> 01:14:20.690]  finally, around Thanksgiving of last year, is when RandomX got put into the network in v0.15.
[01:14:20.690 --> 01:14:28.870]  And all signs so far are that things are looking good as far as keeping the network open and
[01:14:28.870 --> 01:14:34.430]  available for little guys with just a CPU, just a gaming computer, for example, that they set to
[01:14:34.430 --> 01:14:42.270]  mine, you know, overnight or whatever. People like that have a shot at mining a block in Monero.
[01:14:46.210 --> 01:14:50.170]  All right, there's another form of unwanted scarcity, and that's access to layer one.
[01:14:50.170 --> 01:14:56.150]  And that is, can you actually get a transaction onto the network during, say, busy times,
[01:14:56.150 --> 01:15:03.470]  during peak times? So this is another cause of a civil war in Bitcoin. There's a one megabyte
[01:15:03.470 --> 01:15:14.010]  limit in the Bitcoin code. So basically, Satoshi, in a kludgy, hacky way to prevent the network from
[01:15:14.010 --> 01:15:21.230]  getting spammed, Satoshi coded in a one megabyte hard-coded limit on the size of every new block
[01:15:22.490 --> 01:15:27.750]  and saying that it was a temporary thing. But is this actually temporary? Should it have been
[01:15:27.750 --> 01:15:32.810]  removed? Like, basically, a few years ago, when interest was picking up in Bitcoin and
[01:15:32.810 --> 01:15:37.750]  the block sizes were running up against this one megabyte limit, you had two camps.
[01:15:38.950 --> 01:15:42.470]  You know, again, if you're new to crypto, I guess I don't want to go too much into
[01:15:42.470 --> 01:15:48.610]  details of this messy civil war and divorce. And even though they've divorced, they're still at
[01:15:48.610 --> 01:15:57.850]  war. Basically, the first thing you have to do if you want to be in the social circles of Bitcoin
[01:15:57.850 --> 01:16:04.010]  is you have to declare your allegiance, whether you have allegiance to Bitcoin Core or Bitcoin
[01:16:04.890 --> 01:16:11.870]  Cash or Bitcoin SV. And then you have to declare your unending scorn and hatred for everyone else
[01:16:11.870 --> 01:16:17.650]  and the other, you know, forks who don't do things right. They just don't get it for this and that
[01:16:17.650 --> 01:16:23.570]  reason. And, you know, this bickering has been going on for years, and it really hasn't
[01:16:23.570 --> 01:16:32.230]  dissipated much since then. But anyway, it's an example of what, I guess, can go wrong within
[01:16:32.450 --> 01:16:39.390]  a crypto community is that you have like a civil war blow up of a seemingly technical parameter.
[01:16:39.390 --> 01:16:45.490]  So, again, in the Monero community, we've looked at what Bitcoin's done and we've, I think, taken
[01:16:45.490 --> 01:16:52.690]  steps to try to avoid at least the, you know, direct brunt of the drama that results from
[01:16:52.690 --> 01:16:58.230]  making some of these decisions. So in Monero, instead of having a hard-coded limit on how big
[01:16:58.230 --> 01:17:05.270]  blocks can be, we have an adapted block weight algorithm. It used to be called adaptive block
[01:17:05.270 --> 01:17:10.170]  size, but then, you know, some improvements got made to it. Now it's called adaptive block weight.
[01:17:10.330 --> 01:17:16.350]  I will spare you the details in this talk, but ArcticMine actually is going to be talking right
[01:17:16.350 --> 01:17:23.070]  after me. So I expect his talk will have a lot of good details on this matter. But the basic idea is
[01:17:23.070 --> 01:17:30.950]  that there's a disincentive to the minor reward that kicks in when the blocks are above a certain
[01:17:30.950 --> 01:17:38.270]  size, like 300 kilobytes. So, basically, the minor is disincentivized from just putting all sorts of
[01:17:38.270 --> 01:17:44.310]  spam into a block and then, you know, saying, hey, here you go, world, here's your new block. So, basically,
[01:17:44.310 --> 01:17:50.950]  their minor reward is going to go down the bigger the block they make. And to make up for that,
[01:17:50.950 --> 01:17:55.790]  though, user fees are going to increase if recent blocks are bigger than that. So, basically, if
[01:17:55.790 --> 01:17:59.530]  there's congestion on the network, then users are going to be asked to pay a little bit more.
[01:17:59.530 --> 01:18:05.070]  The block reward to the minor goes down a bit. But all of this is handled dynamically in a system
[01:18:05.070 --> 01:18:12.230]  that's not hard-coded. So that if you have a case in which there is actual organic, slowly growing,
[01:18:12.230 --> 01:18:17.390]  legitimate, non-spam use of the Monero network, it's going to accommodate that. It's going to allow
[01:18:17.390 --> 01:18:21.890]  for that. And you can see this in the transactions per day plot that I'm showing in the bottom here.
[01:18:21.890 --> 01:18:26.530]  Here I'm showing transactions per day on a logarithmic scale. So we're going from 10 up to 1
[01:18:26.530 --> 01:18:31.990]  million transactions per day on Bitcoin versus Monero. And in Bitcoin, you can see that there's
[01:18:31.990 --> 01:18:37.110]  like this, basically, this asymptotic limit that is being hit because there's this one megabyte
[01:18:37.110 --> 01:18:44.090]  block limit. Whereas in Monero, we're liberated from that with this adaptive algorithm. And you
[01:18:44.090 --> 01:18:48.890]  can see, basically, the general trend line in Monero is that the transactions per day are going
[01:18:48.890 --> 01:18:57.200]  up. We are seeing usage of the network. All right. So I want to move on to fungibility
[01:18:57.200 --> 01:19:03.140]  and its consequences in a surveillance society. Bitcoin is transparent. So if you're new to
[01:19:03.140 --> 01:19:09.460]  crypto, you might be under the mistaken assumption based on, and it's an understandably mistaken
[01:19:09.460 --> 01:19:16.400]  assumption, based on how wrong the popular press is. So often when it comes to any sort of reporting
[01:19:16.400 --> 01:19:22.660]  on Bitcoin or blockchain related topics, they routinely, you know, mangle the details
[01:19:22.660 --> 01:19:29.080]  in ways that you would expect and ways you wouldn't expect. But this narrative that Bitcoin
[01:19:29.080 --> 01:19:37.960]  is this, you know, super secret currency that nobody knows what's going on in it once you're
[01:19:37.960 --> 01:19:44.960]  in it is totally categorically false. Bitcoin is 100% transparent. It's all there in the Bitcoin
[01:19:44.960 --> 01:19:52.260]  whitepaper. The Bitcoin block etches forever for everyone to see. For every transaction,
[01:19:52.260 --> 01:19:57.520]  it shows the sender, the receiver, how much got transferred. For every Bitcoin address,
[01:19:57.520 --> 01:20:02.800]  it's trivial for anyone to go to a Bitcoin block explorer and type in anyone's address. It doesn't
[01:20:02.800 --> 01:20:08.560]  have to be your own address. It can be any person's address. It can be the, you know, donation address
[01:20:08.560 --> 01:20:14.840]  of somebody you see online. You can type them that address and you can see how much money they have.
[01:20:14.960 --> 01:20:22.760]  You can see a complete balance history in live, real time. What this does is it puts innocent
[01:20:22.760 --> 01:20:29.040]  people and businesses at risk. So, for example, let's say you, you know, pay for a pizza with
[01:20:29.040 --> 01:20:35.420]  Bitcoin, but just as it happens, let's say that, you know, this innocent person happens to be,
[01:20:35.420 --> 01:20:42.040]  have a significant amount of wealth in Bitcoin. So when they pay for this $10 pizza with Bitcoin,
[01:20:42.040 --> 01:20:47.660]  then the delivery guy now knows that, okay, here's the Bitcoin address that I just got my
[01:20:47.660 --> 01:20:53.580]  payment from. You know, delivery guy goes home, types in the address and can instantly see that
[01:20:53.580 --> 01:21:00.400]  the guy that he just delivered a pizza to has enough Bitcoin in it to be worth maybe considering
[01:21:00.400 --> 01:21:09.020]  sharing with some of his unsavory friends who might be interested in, you know, making a visit
[01:21:09.020 --> 01:21:15.660]  to this guy and seeing if he might be persuaded to share his Bitcoin with them. So this transparency
[01:21:15.660 --> 01:21:22.200]  puts innocent people and businesses at risk. For businesses, trade secrets are routinely
[01:21:23.060 --> 01:21:29.340]  considered part of business and nobody questions that. So no business wants to divulge how many
[01:21:29.340 --> 01:21:35.600]  customers it has, how much those customers pay, who its suppliers are, when they pay their suppliers.
[01:21:35.600 --> 01:21:45.040]  But all this sort of proprietary information that is necessary to make the special sauce
[01:21:45.040 --> 01:21:51.160]  of any legitimate business that is adding value for its customers, these operational details
[01:21:51.680 --> 01:21:57.580]  are an important part of that success. And so businesses don't want to give that away.
[01:21:57.680 --> 01:22:01.940]  On a transparent blockchain like Bitcoin, they are forced to give that information away. They
[01:22:01.940 --> 01:22:06.740]  have no choice. They have to give it away because it's by design transparent.
[01:22:08.540 --> 01:22:13.980]  It's as if you have a situation in which you have $10 bills, but on the back of every $10 bill,
[01:22:13.980 --> 01:22:19.740]  you see a nice list of everyone before you who's owned that $10 bill going all the way back to the
[01:22:19.740 --> 01:22:24.580]  U.S. Mint. You know, it shows you like every dollar bill shows you the mint that it came from.
[01:22:24.580 --> 01:22:32.340]  Imagine it showed the date of the printing, the employee at the mint who was the last person to
[01:22:32.340 --> 01:22:38.400]  touch it before it left the mint, the first bank that it got. And then basically every single
[01:22:38.400 --> 01:22:44.500]  person on that dollar bill, a list of that is shown. That's Bitcoin. Every single coin is
[01:22:44.500 --> 01:22:52.140]  traceable back to the miner. That invites voyeurism. It invites people to just basically be snoopy,
[01:22:52.140 --> 01:22:57.020]  like snoop, be creepy because they can. Because it's easy to type in, you know,
[01:22:57.020 --> 01:23:01.040]  your buddy's Bitcoin account into your own browser and look up how much cash they have.
[01:23:01.040 --> 01:23:05.100]  It's easy to do it. The system invites you to do it. So people do it.
[01:23:06.700 --> 01:23:12.480]  It also invites guilt by association because let's say you have a situation in which a squeaky
[01:23:12.480 --> 01:23:18.500]  clean guy, I'm going to use this squeaky clean guy example a lot. So I guess maybe in a Monero
[01:23:18.500 --> 01:23:23.920]  talk, you're not going to expect a whole bunch of talk about the interests of squeaky clean people,
[01:23:23.920 --> 01:23:28.580]  but maybe that's a refreshing thing. Like I would like to talk about squeaky clean people if that's
[01:23:28.580 --> 01:23:35.540]  okay and not criminals. You know, I identify more with the squeaky clean group quite a bit more.
[01:23:35.580 --> 01:23:40.220]  So I would like to talk about the interests of the squeaky clean people and what they would
[01:23:40.220 --> 01:23:46.000]  like to see in a cryptocurrency. So let's say you have a situation in which a squeaky clean guy is
[01:23:46.000 --> 01:23:51.200]  buying a car from somebody, right? So when you buy a car from somebody and you go on Craigslist
[01:23:51.200 --> 01:23:58.540]  or whatever, you see a bunch of cars posted. You don't really think to do a background check
[01:23:58.540 --> 01:24:03.480]  on the person selling the car. Is that really relevant? Like you're just buying a car.
[01:24:03.520 --> 01:24:09.500]  Is it necessary to, you know, pull a credit report and go on a detailed investigation on the person
[01:24:09.500 --> 01:24:14.620]  selling the car to find out if they had a, you know, a happy childhood, got enough hugs when
[01:24:14.620 --> 01:24:20.100]  they were a kid, like find out all that kind of stuff. Is that really something that we think as a
[01:24:20.100 --> 01:24:25.760]  society should be a necessary part of buying a car on Craigslist? Currently the answer is no.
[01:24:25.760 --> 01:24:31.260]  So basically it's okay to just go buy a car from a stranger and you don't know what that
[01:24:31.260 --> 01:24:36.100]  stranger's history is as long as they have clear title to the car and you have the cash, you can
[01:24:36.100 --> 01:24:41.640]  make a deal, right? And it's not going to be... and if it turns out that the person selling you the car
[01:24:41.640 --> 01:24:48.220]  was an unshady character in some way, you would expect in the cash system, in our current fiat
[01:24:48.220 --> 01:24:52.620]  system, that that is not going to come back to haunt you, that that is not going to be used to
[01:24:52.620 --> 01:24:57.760]  falsely accuse you. But yet in Bitcoin we have this situation where you have complete transparency
[01:24:57.760 --> 01:25:05.420]  in the blockchain, yet ignorance on the social circumstances surrounding each transaction.
[01:25:05.420 --> 01:25:12.560]  So, but you also have this perfect voyeurism that's part of the currency, which means like
[01:25:13.100 --> 01:25:17.660]  you're thinking, well, gee, I have this blockchain that shows every single detail of who sent what to
[01:25:17.660 --> 01:25:23.940]  who. If only I could associate each of these Bitcoin addresses to actual names and faces,
[01:25:24.540 --> 01:25:31.040]  then I would have a graph, I would have a graph showing different people giving money to different
[01:25:31.040 --> 01:25:36.560]  people. And let's say I could further identify certain members of this system as being bad
[01:25:36.560 --> 01:25:43.580]  actors, right? So now I have this graph of bad actors and I have that bad actor's complete
[01:25:43.580 --> 01:25:49.060]  financial history on this transaction, on this transparent blockchain. Well, let's say this bad
[01:25:49.060 --> 01:26:00.840]  actor sold his car to Squeaky Clean Guy. So Squeaky Clean Guy now gave his Bitcoin,
[01:26:00.840 --> 01:26:07.820]  in this scenario, his or her Bitcoin, to this, unbeknownst to them, bad actor who was selling
[01:26:07.820 --> 01:26:14.100]  them a car. Now this bad actor goes out and does something bad with that Bitcoin. Let's say, you
[01:26:14.100 --> 01:26:20.080]  know, drugs or organized crime or whatever, you know, whatever, whatever the bad thing is, right?
[01:26:20.080 --> 01:26:25.280]  So this criminal goes out and does that with the Bitcoin that they got from this
[01:26:25.280 --> 01:26:33.900]  innocent Squeaky Clean Guy. Well, because the Bitcoin blockchain is transparent and you have
[01:26:33.900 --> 01:26:38.560]  multiple companies whose job it is to do precisely what I just said, that is,
[01:26:38.560 --> 01:26:47.020]  put names and faces on accounts in the Bitcoin system and basically come up with what amounts
[01:26:47.020 --> 01:26:52.480]  to a social credit score for everyone in the Bitcoin network. Your social credit score will
[01:26:52.480 --> 01:27:00.720]  be good if your dot in their graph is only connected to other dots in their graph that
[01:27:00.720 --> 01:27:06.880]  are known to be quote-unquote good. And as soon as you have a link from your dot to another dot
[01:27:06.880 --> 01:27:12.920]  that's quote-unquote bad, that's going to ding your social credit score. This is currently live
[01:27:12.920 --> 01:27:19.180]  and in place in Bitcoin. And by participating in Bitcoin, it's like you are signing an implicit
[01:27:19.180 --> 01:27:25.960]  terms and conditions saying that I agree for my data that is being put on the Bitcoin blockchain
[01:27:25.960 --> 01:27:33.420]  to be poured over by analysts somewhere in the world who have no idea who I am, but based on
[01:27:34.060 --> 01:27:41.160]  basically who is sending money to who, could well have the power to make false assumptions,
[01:27:41.160 --> 01:27:48.100]  false positive results against my character. And I have no recourse over that. That is part of the
[01:27:48.100 --> 01:27:53.780]  implicit terms and conditions that squeaky clean people sign in effect when they participate in
[01:27:53.780 --> 01:28:04.520]  Bitcoin. Technical censorship resistance, which is proudly featured within Bitcoin,
[01:28:04.520 --> 01:28:09.800]  you know, our network is censorship resistant. We have the most hash power behind us.
[01:28:10.420 --> 01:28:16.600]  Unfortunately, when this comes up against the topmost OSI layer, right, we're talking like the
[01:28:16.600 --> 01:28:21.960]  human meatspace layer. Unfortunately, technical censorship resistant turns out to be insufficient,
[01:28:21.960 --> 01:28:28.500]  because if you have a Bitcoin address that is associated with a, like, let's say a really bad
[01:28:28.500 --> 01:28:34.300]  guy, like an undisputed, you know, international terrorist who everybody agrees is like a really
[01:28:34.300 --> 01:28:42.920]  bad person, and they have a Bitcoin address. In effect, anyone who does a transaction with that
[01:28:42.920 --> 01:28:50.420]  Bitcoin address is going to get a lot of unwanted attention. It's going to be instant. And because
[01:28:50.420 --> 01:28:57.900]  the Bitcoin blockchain is so public, and there are companies that are looking at this sort of data.
[01:28:58.420 --> 01:29:05.000]  So even though you have technical censorship resistance, well, yeah, yeah, I guess. I mean,
[01:29:05.000 --> 01:29:10.220]  but so what if you have, like, every three letter agency has this certain, you know,
[01:29:10.220 --> 01:29:17.300]  list of Bitcoin addresses on its bad list? How many Bitcoin people are there who are actually,
[01:29:17.300 --> 01:29:23.040]  you know, checking against all of these addresses on their list? I would say they're probably very
[01:29:23.040 --> 01:29:30.880]  few, like, like individuals. But every company is paying 10s of 1000s of dollars per month
[01:29:30.880 --> 01:29:39.270]  to one of these blockchain analysis companies that is doing. All right, in contrast with Bitcoin,
[01:29:39.270 --> 01:29:44.030]  Monero is fungible. And Monero does this by integrating three separate technologies,
[01:29:44.030 --> 01:29:48.390]  all of which combine to promote indistinguishability between the tokens in the
[01:29:48.390 --> 01:29:54.730]  Monero network. One is ring signatures. So ring signatures, keep the identities of the senders
[01:29:54.730 --> 01:30:02.630]  private. So in Monero, what happens is that, let's, let's say I want to send Monero, what happens is
[01:30:02.630 --> 01:30:09.330]  that when I put together my transaction, and I sign it at the time of signing, I take my,
[01:30:10.790 --> 01:30:15.750]  my transaction input, basically, you can think of my little chunk of Monero, which is associated
[01:30:15.750 --> 01:30:22.770]  with my address, and then the protocol will pick 10 other chunks of Monero that exist on the
[01:30:22.770 --> 01:30:28.830]  network. And when I construct the signature to spend that Monero, the only thing that you know
[01:30:28.830 --> 01:30:34.250]  cryptographically is one of these 11 chunks of Monero are the are the ones that actually are
[01:30:34.250 --> 01:30:40.810]  being sent. You don't know which one it is. So that's how ring signatures keep the transacting
[01:30:40.810 --> 01:30:46.630]  senders private. Stealth addresses keeps the transacting receivers private. So in Bitcoin,
[01:30:46.630 --> 01:30:51.670]  the receiver's Bitcoin address shows up in plain text on the blockchain for everybody to see.
[01:30:51.770 --> 01:30:58.150]  So in Monero, that doesn't happen. In Monero, the receiving blockchain address gets encrypted
[01:30:58.790 --> 01:31:02.610]  in a one-time sort of thing. So it doesn't get encrypted the same way every time it gets
[01:31:02.610 --> 01:31:07.950]  encrypted in a different way for every transaction. So a stealth address gets a one-time stealth
[01:31:07.950 --> 01:31:12.110]  address gets put on the blockchain. That's what everyone can see. It's an encrypted version of the
[01:31:12.110 --> 01:31:17.090]  receiver's address. And so that keeps the transacting receivers private. Then finally, RingCT
[01:31:17.090 --> 01:31:25.610]  is a technology that keeps transaction amounts sent private. So the original white paper for
[01:31:25.610 --> 01:31:31.150]  Monero was a crypto note white paper. The crypto note white paper included ring signatures and
[01:31:31.150 --> 01:31:36.850]  stealth addresses in it, but it did not include RingCT. RingCT came later. It's a fungibility
[01:31:36.850 --> 01:31:43.930]  innovation. And I think it's an interesting example of the kind of stubbornness and dedication and
[01:31:43.930 --> 01:31:49.290]  kind of alignment of all the elements of the Monero community in improving fungibility in this
[01:31:49.290 --> 01:31:56.330]  project. So to put RingCT live into action, it required three things. It required original
[01:31:56.330 --> 01:32:02.730]  cryptographic research. So we're talking, you know, post-PhD level mathematics. It required
[01:32:02.730 --> 01:32:08.110]  development and an external audit of new code. So you need some code ninjas to make
[01:32:08.110 --> 01:32:13.930]  this stuff happen. So you have some higher level math being created, new knowledge being created on
[01:32:13.930 --> 01:32:20.550]  the mathematical cryptography front. Then that has to be applied into code that people
[01:32:20.550 --> 01:32:27.550]  are confident enough can be entrusted with keeping safe custody of people's money. So
[01:32:28.330 --> 01:32:33.730]  you need development in an external audit of new code. So the external is actually optional.
[01:32:33.810 --> 01:32:38.750]  There might be projects out there who don't do an external audit because it costs money.
[01:32:38.830 --> 01:32:45.150]  So in Monero, all of the new, all of the big, you know, code upgrades that I can think of,
[01:32:45.150 --> 01:32:52.990]  certainly in the last several years, have all had a separate external audit phase in which
[01:32:52.990 --> 01:32:59.210]  community members are asked to contribute to pay for other, you know, basically extra eyeballs to
[01:32:59.210 --> 01:33:04.530]  look at code before it gets put into production. And then third, you needed community commitment
[01:33:05.330 --> 01:33:16.110]  to hard fork RingCT into existence. So here's some data from the blockchains that
[01:33:16.770 --> 01:33:23.610]  kind of explain the story here. So the top chart I'm showing is the daily average of the average
[01:33:23.610 --> 01:33:30.130]  number of bytes per transaction. So you can see I'm showing in black is Bitcoin. It's been very,
[01:33:30.130 --> 01:33:37.750]  you know, pretty constant in Bitcoin. Like they're, you know, the ethos coming from Bitcoin is that,
[01:33:37.750 --> 01:33:43.130]  you know, we want the protocol to be safe and we don't want to make too many changes because,
[01:33:43.130 --> 01:33:47.790]  you know, there's a lot of money riding on this network. You know, set aside the fact that
[01:33:47.790 --> 01:33:53.870]  Bitcoin is still like a baby in terms of global finance, like the Bitcoin in global terms is not
[01:33:53.870 --> 01:33:58.150]  keeping track of a whole lot of money. But that's the attitude that they take is that, you know,
[01:33:58.150 --> 01:34:03.350]  we're the custodians and you want to be very conservative and we don't want to make changes.
[01:34:03.350 --> 01:34:09.370]  It's going to be what it is. So you can see that there's been very little change over 11 years on
[01:34:09.370 --> 01:34:16.010]  this front in how big a Bitcoin transaction is. It's quite different for Monero. So if you look
[01:34:16.010 --> 01:34:22.630]  here now at 2014, the Monero network was born. Initially, nobody was using the Monero network.
[01:34:22.630 --> 01:34:30.090]  And so you would see only minor rewards being sent out. And in Monero, minor reward blocks are,
[01:34:30.090 --> 01:34:35.570]  they don't take that many bytes. So that's why in like the birth days of Monero, you see that
[01:34:35.570 --> 01:34:40.390]  the transaction size in bytes was very small because those were mostly Coinbase transactions
[01:34:40.390 --> 01:34:46.850]  going out to basically empty blocks. But then people started using it. And then in the early
[01:34:46.850 --> 01:34:53.730]  days of Monero, the way it worked was that the system used denominated outputs. So for example,
[01:34:53.730 --> 01:35:02.010]  you can think of there being like a, like one Monero, like gold chunk that is encased in plastic,
[01:35:02.010 --> 01:35:07.950]  right? And it's engraved with the kind of owner's, you know, private key information on it.
[01:35:07.950 --> 01:35:12.370]  And it can only be used by that person. And once a person spends that one Monero
[01:35:13.490 --> 01:35:18.430]  output, then it transmits and it goes, it becomes the property of somebody else on the Monero
[01:35:18.430 --> 01:35:24.710]  network. But you basically have this discrete kind of chunk of value that gets passed around.
[01:35:24.750 --> 01:35:29.310]  And so in the early days of Monero, you had, you know, one Monero chunks, two Monero chunks,
[01:35:29.310 --> 01:35:34.450]  10 Monero chunks, 100 Monero chunks. You had basically every round number. So you had one
[01:35:34.450 --> 01:35:39.030]  through nine, 10 through 90, 100 through 900, 1,000 through 9,000. So you had, you know, and
[01:35:39.030 --> 01:35:44.990]  then going the other way, 0.1 through 0.9, 0.01 through 0.09, all the way going there. So basically
[01:35:44.990 --> 01:35:50.950]  to put a transaction together, if you wanted to spend 341 Monero, you'd have to get a 300 block,
[01:35:51.270 --> 01:35:55.150]  a 40 block and a one block or some combination. You had to, you know, scrounge around your outputs
[01:35:55.150 --> 01:36:00.710]  and come up with 341. And then when you spent it, you'd have to either, you know, you'd have to
[01:36:00.710 --> 01:36:06.610]  spend the actual chunks that you had, or you'd have to break them up. Right. So that was, that's
[01:36:06.610 --> 01:36:13.190]  what was going on in the early days of Monero up until 2017. Then it was recognized that this was
[01:36:13.190 --> 01:36:19.810]  not so good for privacy because, you know, if you spend 341 Monero, just to make up a number,
[01:36:19.810 --> 01:36:26.490]  I sent 341 Monero to my buddy. Now my buddy has 341 Monero and they send it to somebody else.
[01:36:26.490 --> 01:36:30.870]  You can see the 300 and the 40 and the one, you can see they're kind of traveling around.
[01:36:31.250 --> 01:36:36.910]  That's what you could see in Monero pre-RingCT. And so it was decided in the community that this
[01:36:36.910 --> 01:36:43.670]  was not acceptable. And so when the result, the research for RingCT was increasingly tested and
[01:36:43.670 --> 01:36:49.530]  vetted and, and it was seen to be good and also externally audited, there was a decision in the
[01:36:49.530 --> 01:36:55.050]  community, community to do it. Now, this was despite the fact that when RingCT was enabled,
[01:36:55.050 --> 01:36:59.910]  you can see there's this big jump in 2017 of the transaction size. So it went to about
[01:36:59.910 --> 01:37:05.570]  10 kilobytes per transaction and it peaked almost to like, you know, 20 kilobytes per
[01:37:05.570 --> 01:37:09.790]  transaction. We're looking at very large transactions compared to the size of the
[01:37:09.790 --> 01:37:14.910]  Bitcoin transactions. But that was a price that was kind of unanimously decided in the,
[01:37:14.910 --> 01:37:19.730]  in the Monero community was worth it to improve fungibility of the coin,
[01:37:19.730 --> 01:37:25.730]  which would protect the innocent. All right. And you can see that in the bottom chart here,
[01:37:25.730 --> 01:37:31.350]  I'm showing the daily average transaction fee. So this is how much a, the person signing the
[01:37:31.350 --> 01:37:36.030]  check. This is how much that person who signs a check to spend money in Monero,
[01:37:36.030 --> 01:37:42.370]  how much money they are kicking in to chip into the miner, whose job it is to add their
[01:37:42.370 --> 01:37:49.330]  transaction to the next block. And so you can see that for quite a while, the Monero and the
[01:37:49.330 --> 01:37:55.770]  Bitcoin block fees kind of went in, in parallel together. At the last big bull run at the end of
[01:37:55.770 --> 01:38:01.810]  2017, Bitcoin's transaction fees were in the like, you know, 50, a hundred dollar range.
[01:38:02.190 --> 01:38:08.850]  It's basically because, you know, there's all this, you know, new interest of new people into
[01:38:08.850 --> 01:38:13.670]  cryptocurrency and Bitcoin in particular. The new interest was driven by the, you know,
[01:38:13.670 --> 01:38:19.010]  spectacular rise of price. And so you had all these noobs wanting to try their, you know,
[01:38:19.010 --> 01:38:23.830]  their new Bitcoin, going to the network, you know, basically all these people were flooding the
[01:38:23.830 --> 01:38:31.550]  network with their transaction requests because Bitcoin has this one megabyte block size limit.
[01:38:31.550 --> 01:38:37.910]  There's a ceiling to how many transactions that can process. And so as a result, the fees went way up.
[01:38:38.870 --> 01:38:46.990]  And so they went up in Monero as well. And that was largely, you know, there's,
[01:38:46.990 --> 01:38:51.610]  RingCT had a role in that because RingCT was making the transaction sizes that much bigger.
[01:38:52.250 --> 01:39:00.130]  Then later Bulletproofs came. So Bulletproofs were a method to use more clever mathematics to,
[01:39:00.910 --> 01:39:08.030]  to ensure that the balance of inputs and outputs that is guaranteed using higher math in RingCT
[01:39:08.510 --> 01:39:13.090]  can be done with far less byte space than it previously did. So you see when Bulletproofs
[01:39:13.090 --> 01:39:17.710]  and again, there's a, there's a research process, an audit process, a coding process,
[01:39:17.710 --> 01:39:22.030]  and a vetting process for all this for Bulletproofs as well. But when that went live on the network,
[01:39:23.390 --> 01:39:28.610]  and that was in late 2018, you can see that the transaction size dropped by basically an order
[01:39:28.610 --> 01:39:34.330]  of magnitude. And then you can see here on the transaction fee side, the fees also dropped by
[01:39:34.330 --> 01:39:41.010]  an order of magnitude. So you can see that all of this innovation happened relatively recently.
[01:39:41.010 --> 01:39:46.270]  We're talking since 2017, 2018. I know it's a long time in terms of crypto terms because,
[01:39:46.270 --> 01:39:50.190]  you know, things move so fast in crypto, but, you know, if you look on human terms,
[01:39:50.190 --> 01:39:56.390]  like, like all this improvement happened in a short timeframe, which means that oftentimes you'll
[01:39:56.390 --> 01:40:02.690]  see like, kind of criticism of Monero being like, the transaction sizes are way too big. It's never
[01:40:02.690 --> 01:40:06.670]  going to scale, or the transaction fees are way too big. People are never going to want to pay
[01:40:06.670 --> 01:40:13.110]  that. Well, that, that is all obsolete as of like, basically, you know, two years ago. As of late
[01:40:13.110 --> 01:40:19.350]  2018, these things are no longer really true. You could argue that the Monero transaction sizes are
[01:40:19.350 --> 01:40:24.750]  still quite a bit larger than Bitcoins. But there's a, there's a new news item in the Monero
[01:40:24.750 --> 01:40:32.270]  research pipeline. CL-SAGs are a way to compress the byte size requirement of transactions even
[01:40:32.270 --> 01:40:37.010]  further, on top of what Bulletproofs have done. That's been, that just went through an audit
[01:40:37.010 --> 01:40:43.170]  process, and it's being coded up for inclusion in the next hard fork, the next planned hard fork.
[01:40:43.170 --> 01:40:48.990]  And again, in Monero, hard fork is not like a term of, you know, war. It's like a kind of something
[01:40:48.990 --> 01:40:53.810]  we look forward to, because it means that new good stuff is coming, going to come on live.
[01:40:53.970 --> 01:41:00.610]  So CL-SAGs are set to go on live on the network this October. And once that happens, you're, I'm
[01:41:00.610 --> 01:41:05.450]  showing in a dotted line here, like basically the order of magnitude of improvement that we're
[01:41:05.450 --> 01:41:11.530]  going to, that we're expecting to see on the average transaction side size post-CL-SAG. So
[01:41:11.530 --> 01:41:16.030]  you can see that there's a gap here between the transaction sizes between Monero and Bitcoin,
[01:41:16.030 --> 01:41:20.530]  but it's shrinking. And the reason it's shrinking is that there's a lot of
[01:41:22.250 --> 01:41:27.030]  dedicated smart effort being put into that by members of the Monero community.
[01:41:29.470 --> 01:41:35.150]  Meanwhile, on the fee side, fees in Monero have been like in the penny range for like a, like over
[01:41:35.290 --> 01:41:43.190]  a year now. So, you know, if you're thinking of contrasting that with Bitcoin, in which, you know,
[01:41:43.190 --> 01:41:47.710]  if you want to try to achieve some measure of fungibility within Bitcoin, you have to do all
[01:41:47.710 --> 01:41:53.410]  sorts of, you know, ninja stuff, which is, you know, questionable in effect, because in the end,
[01:41:53.410 --> 01:41:58.470]  everything you do in Bitcoin is totally transparent. So, I mean, it's like a cat and
[01:41:58.470 --> 01:42:04.390]  mouse game. Anyway, to try and get some semblance of privacy in Bitcoin, there's like a bunch of
[01:42:04.390 --> 01:42:11.570]  different steps you got to do of varying practicality. Some of it might, and most of it
[01:42:11.570 --> 01:42:19.730]  just doesn't get done by most people in Bitcoin. So if you compare the, for the use case of
[01:42:19.730 --> 01:42:27.370]  transacting privately, especially for squeaky clean people who want to be insulated from the
[01:42:27.370 --> 01:42:34.170]  unrelated actions of other people on the network, Monero is the way to go.
[01:42:35.890 --> 01:42:40.650]  Monero benefits people with nothing to hide. It eliminates the risk of receiving coins that are
[01:42:40.650 --> 01:42:45.070]  tainted due to no fault of the receiver. So this is the example of the selling the used car.
[01:42:45.070 --> 01:42:49.850]  So one interesting thing is that these chain analysis companies, basically one thing that
[01:42:49.850 --> 01:42:56.290]  they do is that they flatten the time dimension. And what I mean by that is that it doesn't matter
[01:42:56.290 --> 01:43:05.370]  if person A sent a Bitcoin to person B 10 minutes ago, or six years ago. Once that link happens
[01:43:05.370 --> 01:43:12.910]  between person A and person B, now there's a link. Now there's a certain probability of suspicion
[01:43:12.910 --> 01:43:19.430]  that people A and B are actually, you know, business partners and not just random people doing
[01:43:20.190 --> 01:43:25.570]  a arm's length transaction like with selling a car to a stranger. Like the people analyzing the
[01:43:25.570 --> 01:43:31.130]  blockchain have no idea of that social context. All they can do is, you know, assign some sort of
[01:43:31.130 --> 01:43:37.490]  probability of social involvement with that, right? What that ends up meaning is that for
[01:43:37.490 --> 01:43:43.750]  people who actually are squeaky clean, any involvement in the Bitcoin blockchain means
[01:43:43.750 --> 01:43:49.250]  you have a probability of interacting with somebody else on the Bitcoin blockchain who is
[01:43:49.250 --> 01:43:55.150]  not as squeaky clean as you are. And if that happens, that's going to be flagged in these
[01:43:55.150 --> 01:44:02.690]  companies doing blockchain analysis as a potentially meaningful link. When the fact is,
[01:44:02.690 --> 01:44:08.510]  it's a false positive. It's an actually meaningless link. But you as the user have
[01:44:08.510 --> 01:44:13.550]  no power over that. You have no recourse. You have no way of communicating to these
[01:44:13.550 --> 01:44:18.630]  companies and saying, hey, yo, I'm actually squeaky clean. They don't know. They don't know.
[01:44:18.630 --> 01:44:24.630]  They don't care. They have no liability. If they do a false positive, well, it's just, you know,
[01:44:24.630 --> 01:44:30.190]  they can't help it if they thought that, you know, well, this person looks suspicious,
[01:44:30.190 --> 01:44:34.530]  you know, I guess, you know, it's not my fault that they sent the SWAT team to this
[01:44:34.530 --> 01:44:40.770]  innocent guy's place. I was just doing my job, right? I mean, that's the kind of issue that is
[01:44:40.770 --> 01:44:45.950]  going to increasingly be happening on a totally transparent blockchain.
[01:44:47.410 --> 01:44:54.710]  All right. There's a Nobel Prize winning paper that I want to talk a bit about. It was by George
[01:44:54.710 --> 01:44:59.950]  Ekerlof who won the Nobel in economics, and he got the Nobel by talking about the used car market.
[01:45:00.050 --> 01:45:07.030]  So there's a linkage here between used cars, the pandemic, and surveillance coins,
[01:45:07.030 --> 01:45:13.730]  which is what I like to call transparent coins. All right. There are two used cars types. They're
[01:45:13.730 --> 01:45:18.050]  lemons and they're peaches. So lemons are the ones, those are the bad cars, right? Those are
[01:45:18.050 --> 01:45:23.090]  the cars that are junk. And they were, you know, they went through a hurricane or a flood or
[01:45:23.090 --> 01:45:27.430]  something. There's some big problem with the car. Whoever buys that lemon is going to have nothing
[01:45:27.430 --> 01:45:31.730]  but problems because the thing's going to break and they're going to have repair bills. On the other
[01:45:31.730 --> 01:45:36.330]  hand, you have peaches. Peaches are the kind of slang name within the used car industry for
[01:45:36.330 --> 01:45:42.670]  cars that are good. They were in care of. Usually it's like the person who actually bought the car
[01:45:42.670 --> 01:45:47.270]  and didn't, you know, didn't lease the car. They bought the car new. They took good care of it.
[01:45:47.270 --> 01:45:50.810]  They did all the maintenance. They changed the oil. They did all, you know, they took the car to
[01:45:50.810 --> 01:45:56.590]  the dealer and paid higher prices for maintenance rather than just take it to their cousin who did
[01:45:56.590 --> 01:46:03.310]  oil changes for cheap in their garage or whatever, right? So peaches are the cars that got like the
[01:46:03.310 --> 01:46:08.470]  first class treatment in terms of maintenance. Lemons are the opposite, right? And when it's
[01:46:08.470 --> 01:46:13.690]  time to sell these cars, you can't tell them apart though because both the lemons and the peaches
[01:46:14.290 --> 01:46:20.350]  go through a very thorough paint job process in which the finish is, you know,
[01:46:20.350 --> 01:46:25.890]  polished down to a mirror finish so that both the lemons and the peaches look, they look superficially
[01:46:25.890 --> 01:46:31.590]  to be fantastic. So the buyers can't tell them apart, but the buyers know that they are ignorant
[01:46:31.590 --> 01:46:37.210]  in this situation. They know that even though all of the cars on this used car lot look great,
[01:46:37.210 --> 01:46:42.030]  there's some of them that are actually lemons and some of them are peaches, right? So the Akerlof
[01:46:42.030 --> 01:46:47.530]  insight goes as follows. There is a negative feedback loop in this marketplace which has
[01:46:47.530 --> 01:46:53.050]  asymmetric information between buyers and sellers. The buyers are relatively ignorant
[01:46:53.050 --> 01:46:58.270]  relative to the sellers. The sellers know which of the cars are the lemons and which of the cars
[01:46:58.270 --> 01:47:03.670]  are the peaches. The buyers don't know that, but they know that they're ignorant. So in that
[01:47:03.670 --> 01:47:09.650]  situation, here's what happens. The buyers come up with an offer price for their used car. That offer
[01:47:09.650 --> 01:47:14.210]  price is going to be the lemon price because that's, that's the minimum possible price it
[01:47:14.210 --> 01:47:20.150]  can be worth is the lemon price. But then based on the buyer's perceived probability of getting
[01:47:20.310 --> 01:47:25.370]  a peach versus getting a lemon, they're going to adjust their offer price to account for the
[01:47:25.370 --> 01:47:30.570]  probability that they're going to get a lemon. So in, for example, if the used car buyer thinks
[01:47:30.570 --> 01:47:35.010]  that there's only a 1% chance that they're going to get a lemon, then their offer price is going
[01:47:35.010 --> 01:47:41.670]  to be almost equal to that of a peach price. It's going to be basically 99% of the difference
[01:47:41.670 --> 01:47:46.210]  between the lemon and the peach. That's the rational offer price. If you think there's a
[01:47:46.210 --> 01:47:54.090]  1% chance, you're going to get a lemon. So let's say the buyer thinks there's,
[01:47:54.090 --> 01:47:57.890]  thinks there's a 5% chance of getting a lemon. So they come up with this offer price that's
[01:47:57.890 --> 01:48:02.150]  in between a lemon price and a peach price, but it's pretty close to the peach price, but it's not
[01:48:02.150 --> 01:48:09.270]  quite. So what happens when the, um, the seller makes this offer? Well, the lemon seller is delighted.
[01:48:09.270 --> 01:48:13.350]  The lemon seller is delighted because they're selling a thing that's worth the lemon price.
[01:48:13.350 --> 01:48:19.790]  Here comes the sucker offering almost a peach price for this car. So the lemon seller says,
[01:48:19.790 --> 01:48:25.030]  great deal. Great. I will accept your offer. And they shake hands. They sell that lemon.
[01:48:25.070 --> 01:48:29.550]  How about the peach sellers? The peach sellers are the people who took good care of their cars.
[01:48:29.830 --> 01:48:35.830]  They know that their car is worth the peach price, but because of this ignorance, they are unable to
[01:48:35.830 --> 01:48:40.530]  transmit this goodness, the knowledge of that goodness to the buyer. The buyer is unwilling to
[01:48:40.530 --> 01:48:45.450]  pay for full goodness. They are willing to only pay for partial goodness because they think there's
[01:48:45.450 --> 01:48:49.930]  some probabilistic chance that they're going to get burned on the deal. So the peach sellers are
[01:48:49.930 --> 01:48:55.490]  being offered less than what their car, what they know their car is worth. So they will tend to say
[01:48:55.490 --> 01:49:01.550]  no thanks. When the peach sellers say no thanks, they end up leaving this used car market. In other
[01:49:01.550 --> 01:49:08.550]  words, the peach sellers who had put their car up for sale, now they delete their Craigslist ad,
[01:49:08.550 --> 01:49:16.030]  right? As a result, the fraction of Craigslist ads that are selling lemons goes up because some of
[01:49:16.030 --> 01:49:21.190]  these peach sellers left. Therefore, the chances of getting a lemon have gone up. Now the buyers
[01:49:21.190 --> 01:49:26.390]  are eventually going to get wise to this. They're going to observe that, oh gee, I thought the chance
[01:49:26.390 --> 01:49:31.050]  of getting a lemon was 5%, but you know, my buddy just bought a used car. He got a lemon.
[01:49:31.050 --> 01:49:36.170]  This other buddy, he got a lemon too. So, you know, maybe I think it's like, you know, 10 or 15%.
[01:49:36.170 --> 01:49:40.990]  So basically the offer price goes down. When the offer price goes down, the lemon sellers
[01:49:40.990 --> 01:49:45.870]  continue to accept that because basically everything in the second probabilistic term for
[01:49:45.870 --> 01:49:51.610]  the offer price is gravy. That's their profit. So there's no way for a lemon seller to lose in
[01:49:51.610 --> 01:49:56.210]  this situation. No matter what the offer price coming in is, they're going to accept it. But the
[01:49:56.210 --> 01:50:01.710]  lower the prices, the stronger the reaction from the peach sellers is going to be to leave the
[01:50:01.710 --> 01:50:07.170]  market. So you basically have this negative feedback loop and this race to the bottom in
[01:50:07.170 --> 01:50:12.950]  which all of the sellers of the good stuff leave the market and you're left with only a market of
[01:50:12.950 --> 01:50:20.270]  junk. You have 100% lemons in the used car market. And even despite like the real used car market,
[01:50:20.270 --> 01:50:26.090]  which has been assisted by things like Carfax, which, you know, gives you some semblance of
[01:50:26.190 --> 01:50:33.110]  a history of a car to help you assess that probability, it's still, you know, it's still an
[01:50:33.110 --> 01:50:46.470]  unknown. So, right. So even though there's Carfax now, the used car market continues to have a bit
[01:50:46.470 --> 01:50:51.470]  of a shady reputation, right? It continues to be the case that people who take really good care of
[01:50:51.470 --> 01:50:57.570]  their cars tend to be the ones who will keep the cars and not sell them. They exit that market.
[01:50:57.710 --> 01:51:03.310]  All right. So the Akerlof paper has direct applications to Defcon safe mode, what we're
[01:51:03.310 --> 01:51:10.150]  doing now, and also transparent coins. So let's, let's look at the pandemic example. So people with
[01:51:10.150 --> 01:51:15.550]  good health, right? People who are healthy and actually are healthy. Those are peaches in this
[01:51:15.550 --> 01:51:22.770]  situation. So, and the used car marketplace is the marketplace that consists of going to a
[01:51:22.770 --> 01:51:30.990]  conference and meeting cool other people and making new friends and all that. So when, when
[01:51:30.990 --> 01:51:36.930]  a peach seller, in other words, a healthy person is faced with the prospect of engaging in such a
[01:51:36.930 --> 01:51:44.310]  marketplace, that buyer is ignorant of whether the product that they're going to buy when they go to
[01:51:44.310 --> 01:51:49.810]  that marketplace is continued good health from making new friends and staying healthy, or if
[01:51:49.810 --> 01:51:55.050]  they're going to get a lemon. Getting a lemon would be, you know, you know, making buddies with someone
[01:51:55.050 --> 01:52:02.790]  who is asymptomatic and had the virus and didn't know it. They come home sick, right? So that's,
[01:52:02.790 --> 01:52:10.630]  that's the situation where you have ignorance of the particular details of who is a lemon and who
[01:52:10.630 --> 01:52:17.230]  is a peach, but a probabilistic assessment that if you engage in the marketplace, there's a
[01:52:17.230 --> 01:52:23.610]  percentage of probability that you're going to end up with a lemon. And so the rational,
[01:52:23.610 --> 01:52:29.110]  the rational action in that is for the healthy people to bypass that market. They, they, they
[01:52:29.110 --> 01:52:36.210]  say, no thanks, I am not going to engage in the market for real in-person networking at this
[01:52:36.210 --> 01:52:42.610]  point in time. And it's going to be a good idea to do Defcon in safe mode, right? That is an example
[01:52:42.610 --> 01:52:49.110]  of the peaches leaving the market. Let's look at transparent coins of which Bitcoin is one. So when
[01:52:49.110 --> 01:52:55.550]  you have a surveillance coin in which all of the details are put, put up on a ledger, and you have
[01:52:55.550 --> 01:53:02.970]  squeaky clean people, right? Who genuinely have nothing to hide. They, they live their lives well.
[01:53:02.970 --> 01:53:07.050]  They haven't done anything to anybody, which is actually the majority of people, I think.
[01:53:07.050 --> 01:53:13.810]  You have squeaky clean coin owners. They are the owners of transparent coins that have their
[01:53:13.810 --> 01:53:20.070]  reputation attached to them. Is it worth it for these people to go out into the Bitcoin marketplace
[01:53:20.070 --> 01:53:26.190]  and transact goods and services in Bitcoin when they are, when they have full knowledge of the
[01:53:26.190 --> 01:53:31.950]  fact that some of the people in the Bitcoin ecosystem are not as squeaky clean as they are?
[01:53:31.950 --> 01:53:39.950]  And if they transact with these people, they have some risk of being falsely flagged in a
[01:53:39.950 --> 01:53:48.990]  false positive as being a, a comrade of some bad guy. They don't know who it's going to happen with.
[01:53:48.990 --> 01:53:53.390]  This is, it's exactly the same as the Yukon market. They don't know which of these people
[01:53:53.390 --> 01:53:57.550]  that they're transacting with is the lemon who's going to cause them all sorts of problems,
[01:53:58.110 --> 01:54:03.350]  because some chain analysis company makes a false association between them. They don't know who it
[01:54:03.350 --> 01:54:07.890]  is, but they know that they're out there somewhere and that there's some probability of that happening.
[01:54:08.090 --> 01:54:14.850]  So if you are truly squeaky clean, what is the rational response to such an ecosystem?
[01:54:14.850 --> 01:54:19.810]  What is the rational response? Would you like to opt in to this social system where you might
[01:54:19.810 --> 01:54:24.490]  be falsely accused of someone who you have nothing to do with, but you just happen to
[01:54:24.490 --> 01:54:31.210]  exchange coins in some, some one-off transaction? Are you okay with that? So that's the question
[01:54:31.210 --> 01:54:35.250]  that's being asked to the squeaky clean people when they are being asked to participate in a
[01:54:35.250 --> 01:54:43.090]  system like Bitcoin. So there's a cryptocurrency safe mode idea I want to get across. So
[01:54:43.090 --> 01:54:49.090]  just like it was, you know, we look back and we, we say, wow, it was a little bit naive of,
[01:54:49.090 --> 01:54:53.890]  of people to, to automatically assume that they're healthy just because they feel healthy.
[01:54:54.490 --> 01:55:00.210]  It was naive of people to think that the only people out there who are sick are the ones who
[01:55:00.210 --> 01:55:06.190]  are actively sneezing and coughing, right? So we can look back at, you know, several months ago,
[01:55:06.190 --> 01:55:10.330]  wake to prehistoric times of several months ago and kind of wonder how we could have possibly
[01:55:10.330 --> 01:55:13.930]  lived our lives like that. There's a similar kind of thing I think that's going to happen
[01:55:13.930 --> 01:55:20.290]  with transparent coins. You have people who are squeaky clean. Somebody wants to send them Bitcoin.
[01:55:20.290 --> 01:55:26.390]  Yes. Well, I guess they have Bitcoin, so they must be legit. They, they're cool enough to get
[01:55:26.390 --> 01:55:32.030]  with it with understanding Nakamoto consensus. They must be a good guy, right? Okay. I'll take
[01:55:32.030 --> 01:55:38.090]  your money. So funds received later, any unpleasant effects. And this could be immediate and it could
[01:55:38.090 --> 01:55:42.610]  not be immediate. Like that's the thing about flattening the transaction graph between people.
[01:55:42.690 --> 01:55:48.750]  It takes away the time dimension. So let's say you do, let's say, you know, you settle a dinner
[01:55:48.750 --> 01:55:56.090]  bill with your buddy, right? Five years later, you and your buddy, you know, diverge paths. And
[01:55:56.090 --> 01:56:00.630]  it turns out that your former buddy is now involved in organized crime, right? And then
[01:56:00.630 --> 01:56:06.050]  they use their Bitcoin to do something unsavory with their Bitcoin. But part of that spending
[01:56:06.050 --> 01:56:10.510]  came back from five years ago when you had dinner together and you settled the bill and you,
[01:56:10.510 --> 01:56:15.390]  you know, you gave him, you know, whatever, 50 bucks to like pay for your share of a dinner,
[01:56:15.390 --> 01:56:23.410]  right? But now your address has been associated with this bad guy. So it could strike and you
[01:56:23.410 --> 01:56:28.570]  don't know when. So like the naive way of thinking about this is that, well, okay,
[01:56:28.570 --> 01:56:33.110]  you're going to interact with other people, strangers on the Bitcoin network. Is anything
[01:56:33.110 --> 01:56:37.810]  unpleasant going to happen as a result of that? Well, ha ha, no, that's not going to happen.
[01:56:37.910 --> 01:56:41.870]  That's just something that these, you know, delusional Monero people talk about
[01:56:41.870 --> 01:56:47.950]  as being something, right? Like nobody in my friend group thinks that anything like that ever happens,
[01:56:47.950 --> 01:56:53.070]  you know, that I don't, I don't think that this, this bad thing that this guy's talking about even
[01:56:53.070 --> 01:56:58.690]  exists. I'm going to call it fake news, right? So like maybe, maybe your entire circle of crypto
[01:56:58.690 --> 01:57:04.010]  buddies, like dismisses this entire possibility out of hand, never talks about it. Or maybe they
[01:57:04.010 --> 01:57:09.770]  talk about it and they say, oh, it's going to get fixed 18 months from now with this new technical
[01:57:09.770 --> 01:57:16.630]  change that's, you know, in the pipeline and in Bitcoin, as long as at least 40% of the nodes,
[01:57:16.630 --> 01:57:21.710]  you know, indicate through a BIP that they, they approve it. And then, then maybe at the 40%
[01:57:21.710 --> 01:57:26.650]  happens and six months after that, there's like a count, like all this, all this contingency stuff.
[01:57:26.650 --> 01:57:30.690]  And you, you listen to that and you say, okay, yeah, that's good enough. That's yeah, that, that,
[01:57:30.690 --> 01:57:36.890]  that should, you know, fix the problem, right? But just like in the pandemic, we are at a time
[01:57:36.890 --> 01:57:45.430]  in which one's wellbeing depends on the ability to separate one's, what one is hearing
[01:57:45.430 --> 01:57:52.710]  from a variety of sources and kind of listen to that quiet voice inside that is saying something
[01:57:52.710 --> 01:58:00.110]  that might well be true. And that quiet voice might be saying, well, you know, maybe fungibility
[01:58:00.110 --> 01:58:05.710]  is, is important. You know, maybe this stuff is actually true, what the Monero guys are saying
[01:58:05.710 --> 01:58:13.270]  that, you know, maybe this will help usher in a integrated surveillance state in which the fact
[01:58:13.270 --> 01:58:18.970]  that Bitcoin's transparency is so radically transparent gets used against us and not for us.
[01:58:19.090 --> 01:58:23.950]  Like we thought that was going to be used for us as a, as a force to kind of open up the inner
[01:58:23.950 --> 01:58:28.850]  workings of large institutions like banks and make sure that they couldn't take advantage of
[01:58:28.850 --> 01:58:33.710]  the little guy anymore. Well, gee, maybe it's possible that could, that could be turned on us,
[01:58:33.710 --> 01:58:39.470]  turned against the little guy and, and the, and the results used to deepen the surveillance that
[01:58:39.470 --> 01:58:44.810]  gets used against all of us. There was a recent decision that came from the top regulator of US
[01:58:44.810 --> 01:58:52.490]  banks saying that banks are now allowed to custody crypto for their customers. So now you have a lot
[01:58:52.490 --> 01:58:58.150]  of like, this opens up the possibility for Goldman Sachs and all these traditional guys in finance
[01:58:58.150 --> 01:59:06.330]  to offer, you know, Bitcoin products for their customers. So great. So you're combining, combining
[01:59:06.330 --> 01:59:12.210]  all of the surveillance capabilities of legacy fiat, and you're augmenting that with the additional
[01:59:12.210 --> 01:59:20.390]  power of, of surveillance that the transparency of Bitcoin gives you. What could go wrong with that?
[01:59:21.730 --> 01:59:26.470]  Monero is what Bitcoin noobs think they bought, which is sound money in safe mode.
[01:59:28.770 --> 01:59:34.550]  All right. I'm going to skip to the Monero community. It has no formal organizational
[01:59:34.550 --> 01:59:40.070]  structure. It's idealistic, scientific, and yet welcoming. It's a cypherpunk community.
[01:59:40.550 --> 01:59:45.590]  I think of all the cryptocurrencies, it is the one that's most aligned with organizations such
[01:59:45.590 --> 01:59:52.250]  as the Electronic Frontier Foundation and DEF CON itself. I think it's appropriate and fitting that
[01:59:52.250 --> 01:59:58.770]  this is the only crypto that gets its own village at DEF CON. Again, I think it's an important
[01:59:58.770 --> 02:00:03.450]  project for humanity. And I think it's important for people who, for squeaky clean people in
[02:00:03.450 --> 02:00:11.330]  particular, who want to unapologetically claim this right of privacy for themselves, which is
[02:00:11.330 --> 02:00:16.730]  legal. Monero is legal in the United States and a lot of other places too. And it's actually
[02:00:17.330 --> 02:00:22.570]  better at compliance with a lot of laws that regard privacy. For example, the GDPR in Europe,
[02:00:22.570 --> 02:00:28.090]  which mandates privacy protections for its citizens. That is a law that Bitcoin totally
[02:00:28.090 --> 02:00:34.610]  fails because part of that law includes a right to be forgotten. So in Europe, you're supposed to
[02:00:34.610 --> 02:00:39.250]  be able to write, send an email to a company and say, delete me from all your databases.
[02:00:39.290 --> 02:00:43.710]  I don't want to be on there anymore. Destroy your records, any record you have of me. And
[02:00:43.710 --> 02:00:47.930]  European companies have to comply with that. Is that possible in Bitcoin? It's absolutely
[02:00:47.930 --> 02:00:53.930]  impossible in Bitcoin because you have a mountain of proof of work that is basically etched in stone
[02:00:53.930 --> 02:01:00.250]  every past transaction. You can't erase any of that. You also can't undo the metadata associations
[02:01:00.250 --> 02:01:06.850]  of actual people to addresses. So there are significant ways in which Monero is more compliant
[02:01:06.850 --> 02:01:13.650]  with existing law than a project like Bitcoin. Nobody talks about that though. It's always,
[02:01:13.650 --> 02:01:17.590]  you know, oh gee, what are the criminals going to do? Well, again, why don't we talk some more
[02:01:17.590 --> 02:01:25.770]  about what the innocent guys are going to do? All right. All right. With that,
[02:01:25.770 --> 02:01:29.970]  I think I might've already been kicked off, but all right. Thanks.
